@nauth-toolkit/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (778) hide show
  1. package/dist/adapters/database-columns.d.ts +10 -0
  2. package/dist/adapters/database-columns.d.ts.map +1 -0
  3. package/dist/adapters/database-columns.js +85 -0
  4. package/dist/adapters/database-columns.js.map +1 -0
  5. package/dist/adapters/express.adapter.d.ts +41 -0
  6. package/dist/adapters/express.adapter.d.ts.map +1 -0
  7. package/dist/adapters/express.adapter.js +188 -0
  8. package/dist/adapters/express.adapter.js.map +1 -0
  9. package/dist/adapters/fastify.adapter.d.ts +33 -0
  10. package/dist/adapters/fastify.adapter.d.ts.map +1 -0
  11. package/dist/adapters/fastify.adapter.js +223 -0
  12. package/dist/adapters/fastify.adapter.js.map +1 -0
  13. package/dist/adapters/index.d.ts +5 -0
  14. package/dist/adapters/index.d.ts.map +1 -0
  15. package/dist/adapters/index.js +25 -0
  16. package/dist/adapters/index.js.map +1 -0
  17. package/dist/adapters/storage.factory.d.ts +7 -0
  18. package/dist/adapters/storage.factory.d.ts.map +1 -0
  19. package/dist/adapters/storage.factory.js +24 -0
  20. package/dist/adapters/storage.factory.js.map +1 -0
  21. package/dist/bootstrap.d.ts +41 -0
  22. package/dist/bootstrap.d.ts.map +1 -0
  23. package/dist/bootstrap.js +113 -0
  24. package/dist/bootstrap.js.map +1 -0
  25. package/dist/dto/auth-challenge.dto.d.ts +19 -0
  26. package/dist/dto/auth-challenge.dto.d.ts.map +1 -0
  27. package/dist/dto/auth-challenge.dto.js +86 -0
  28. package/dist/dto/auth-challenge.dto.js.map +1 -0
  29. package/dist/dto/auth-response.dto.d.ts +31 -0
  30. package/dist/dto/auth-response.dto.d.ts.map +1 -0
  31. package/dist/dto/auth-response.dto.js +18 -0
  32. package/dist/dto/auth-response.dto.js.map +1 -0
  33. package/dist/dto/challenge-response.dto.d.ts +36 -0
  34. package/dist/dto/challenge-response.dto.d.ts.map +1 -0
  35. package/dist/dto/challenge-response.dto.js +3 -0
  36. package/dist/dto/challenge-response.dto.js.map +1 -0
  37. package/dist/dto/change-password-request.dto.d.ts +5 -0
  38. package/dist/dto/change-password-request.dto.d.ts.map +1 -0
  39. package/dist/dto/change-password-request.dto.js +30 -0
  40. package/dist/dto/change-password-request.dto.js.map +1 -0
  41. package/dist/dto/change-password-response.dto.d.ts +4 -0
  42. package/dist/dto/change-password-response.dto.d.ts.map +1 -0
  43. package/dist/dto/change-password-response.dto.js +8 -0
  44. package/dist/dto/change-password-response.dto.js.map +1 -0
  45. package/dist/dto/change-password.dto.d.ts +5 -0
  46. package/dist/dto/change-password.dto.d.ts.map +1 -0
  47. package/dist/dto/change-password.dto.js +29 -0
  48. package/dist/dto/change-password.dto.js.map +1 -0
  49. package/dist/dto/error-response.dto.d.ts +9 -0
  50. package/dist/dto/error-response.dto.d.ts.map +1 -0
  51. package/dist/dto/error-response.dto.js +59 -0
  52. package/dist/dto/error-response.dto.js.map +1 -0
  53. package/dist/dto/get-available-methods.dto.d.ts +7 -0
  54. package/dist/dto/get-available-methods.dto.d.ts.map +1 -0
  55. package/dist/dto/get-available-methods.dto.js +33 -0
  56. package/dist/dto/get-available-methods.dto.js.map +1 -0
  57. package/dist/dto/get-challenge-data-response.dto.d.ts +4 -0
  58. package/dist/dto/get-challenge-data-response.dto.d.ts.map +1 -0
  59. package/dist/dto/get-challenge-data-response.dto.js +8 -0
  60. package/dist/dto/get-challenge-data-response.dto.js.map +1 -0
  61. package/dist/dto/get-challenge-data.dto.d.ts +8 -0
  62. package/dist/dto/get-challenge-data.dto.d.ts.map +1 -0
  63. package/dist/dto/get-challenge-data.dto.js +40 -0
  64. package/dist/dto/get-challenge-data.dto.js.map +1 -0
  65. package/dist/dto/get-client-info.dto.d.ts +17 -0
  66. package/dist/dto/get-client-info.dto.d.ts.map +1 -0
  67. package/dist/dto/get-client-info.dto.js +20 -0
  68. package/dist/dto/get-client-info.dto.js.map +1 -0
  69. package/dist/dto/get-device-token-response.dto.d.ts +4 -0
  70. package/dist/dto/get-device-token-response.dto.d.ts.map +1 -0
  71. package/dist/dto/get-device-token-response.dto.js +8 -0
  72. package/dist/dto/get-device-token-response.dto.js.map +1 -0
  73. package/dist/dto/get-events-by-type.dto.d.ts +17 -0
  74. package/dist/dto/get-events-by-type.dto.d.ts.map +1 -0
  75. package/dist/dto/get-events-by-type.dto.js +20 -0
  76. package/dist/dto/get-events-by-type.dto.js.map +1 -0
  77. package/dist/dto/get-ip-address-response.dto.d.ts +4 -0
  78. package/dist/dto/get-ip-address-response.dto.d.ts.map +1 -0
  79. package/dist/dto/get-ip-address-response.dto.js +8 -0
  80. package/dist/dto/get-ip-address-response.dto.js.map +1 -0
  81. package/dist/dto/get-mfa-status.dto.d.ts +16 -0
  82. package/dist/dto/get-mfa-status.dto.d.ts.map +1 -0
  83. package/dist/dto/get-mfa-status.dto.js +41 -0
  84. package/dist/dto/get-mfa-status.dto.js.map +1 -0
  85. package/dist/dto/get-risk-assessment-history.dto.d.ts +9 -0
  86. package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -0
  87. package/dist/dto/get-risk-assessment-history.dto.js +13 -0
  88. package/dist/dto/get-risk-assessment-history.dto.js.map +1 -0
  89. package/dist/dto/get-session-id-response.dto.d.ts +4 -0
  90. package/dist/dto/get-session-id-response.dto.d.ts.map +1 -0
  91. package/dist/dto/get-session-id-response.dto.js +8 -0
  92. package/dist/dto/get-session-id-response.dto.js.map +1 -0
  93. package/dist/dto/get-setup-data-response.dto.d.ts +4 -0
  94. package/dist/dto/get-setup-data-response.dto.d.ts.map +1 -0
  95. package/dist/dto/get-setup-data-response.dto.js +8 -0
  96. package/dist/dto/get-setup-data-response.dto.js.map +1 -0
  97. package/dist/dto/get-setup-data.dto.d.ts +7 -0
  98. package/dist/dto/get-setup-data.dto.d.ts.map +1 -0
  99. package/dist/dto/get-setup-data.dto.js +43 -0
  100. package/dist/dto/get-setup-data.dto.js.map +1 -0
  101. package/dist/dto/get-suspicious-activity.dto.d.ts +9 -0
  102. package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -0
  103. package/dist/dto/get-suspicious-activity.dto.js +13 -0
  104. package/dist/dto/get-suspicious-activity.dto.js.map +1 -0
  105. package/dist/dto/get-user-agent-response.dto.d.ts +4 -0
  106. package/dist/dto/get-user-agent-response.dto.d.ts.map +1 -0
  107. package/dist/dto/get-user-agent-response.dto.js +8 -0
  108. package/dist/dto/get-user-agent-response.dto.js.map +1 -0
  109. package/dist/dto/get-user-auth-history.dto.d.ts +20 -0
  110. package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -0
  111. package/dist/dto/get-user-auth-history.dto.js +22 -0
  112. package/dist/dto/get-user-auth-history.dto.js.map +1 -0
  113. package/dist/dto/get-user-by-email.dto.d.ts +5 -0
  114. package/dist/dto/get-user-by-email.dto.d.ts.map +1 -0
  115. package/dist/dto/get-user-by-email.dto.js +36 -0
  116. package/dist/dto/get-user-by-email.dto.js.map +1 -0
  117. package/dist/dto/get-user-by-id.dto.d.ts +4 -0
  118. package/dist/dto/get-user-by-id.dto.d.ts.map +1 -0
  119. package/dist/dto/get-user-by-id.dto.js +29 -0
  120. package/dist/dto/get-user-by-id.dto.js.map +1 -0
  121. package/dist/dto/get-user-devices.dto.d.ts +8 -0
  122. package/dist/dto/get-user-devices.dto.d.ts.map +1 -0
  123. package/dist/dto/get-user-devices.dto.js +33 -0
  124. package/dist/dto/get-user-devices.dto.js.map +1 -0
  125. package/dist/dto/get-user-response.dto.d.ts +2 -0
  126. package/dist/dto/get-user-response.dto.d.ts.map +1 -0
  127. package/dist/dto/get-user-response.dto.js +6 -0
  128. package/dist/dto/get-user-response.dto.js.map +1 -0
  129. package/dist/dto/has-provider.dto.d.ts +7 -0
  130. package/dist/dto/has-provider.dto.d.ts.map +1 -0
  131. package/dist/dto/has-provider.dto.js +38 -0
  132. package/dist/dto/has-provider.dto.js.map +1 -0
  133. package/dist/dto/index.d.ts +51 -0
  134. package/dist/dto/index.d.ts.map +1 -0
  135. package/dist/dto/index.js +67 -0
  136. package/dist/dto/index.js.map +1 -0
  137. package/dist/dto/is-trusted-device-response.dto.d.ts +4 -0
  138. package/dist/dto/is-trusted-device-response.dto.d.ts.map +1 -0
  139. package/dist/dto/is-trusted-device-response.dto.js +8 -0
  140. package/dist/dto/is-trusted-device-response.dto.js.map +1 -0
  141. package/dist/dto/list-providers-response.dto.d.ts +4 -0
  142. package/dist/dto/list-providers-response.dto.d.ts.map +1 -0
  143. package/dist/dto/list-providers-response.dto.js +8 -0
  144. package/dist/dto/list-providers-response.dto.js.map +1 -0
  145. package/dist/dto/login.dto.d.ts +7 -0
  146. package/dist/dto/login.dto.d.ts.map +1 -0
  147. package/dist/dto/login.dto.js +68 -0
  148. package/dist/dto/login.dto.js.map +1 -0
  149. package/dist/dto/logout-all-response.dto.d.ts +4 -0
  150. package/dist/dto/logout-all-response.dto.d.ts.map +1 -0
  151. package/dist/dto/logout-all-response.dto.js +8 -0
  152. package/dist/dto/logout-all-response.dto.js.map +1 -0
  153. package/dist/dto/logout-all.dto.d.ts +5 -0
  154. package/dist/dto/logout-all.dto.d.ts.map +1 -0
  155. package/dist/dto/logout-all.dto.js +42 -0
  156. package/dist/dto/logout-all.dto.js.map +1 -0
  157. package/dist/dto/logout-response.dto.d.ts +4 -0
  158. package/dist/dto/logout-response.dto.d.ts.map +1 -0
  159. package/dist/dto/logout-response.dto.js +8 -0
  160. package/dist/dto/logout-response.dto.js.map +1 -0
  161. package/dist/dto/logout.dto.d.ts +5 -0
  162. package/dist/dto/logout.dto.d.ts.map +1 -0
  163. package/dist/dto/logout.dto.js +36 -0
  164. package/dist/dto/logout.dto.js.map +1 -0
  165. package/dist/dto/refresh-token.dto.d.ts +4 -0
  166. package/dist/dto/refresh-token.dto.d.ts.map +1 -0
  167. package/dist/dto/refresh-token.dto.js +24 -0
  168. package/dist/dto/refresh-token.dto.js.map +1 -0
  169. package/dist/dto/remove-devices.dto.d.ts +9 -0
  170. package/dist/dto/remove-devices.dto.d.ts.map +1 -0
  171. package/dist/dto/remove-devices.dto.js +50 -0
  172. package/dist/dto/remove-devices.dto.js.map +1 -0
  173. package/dist/dto/resend-code-response.dto.d.ts +4 -0
  174. package/dist/dto/resend-code-response.dto.d.ts.map +1 -0
  175. package/dist/dto/resend-code-response.dto.js +8 -0
  176. package/dist/dto/resend-code-response.dto.js.map +1 -0
  177. package/dist/dto/resend-code.dto.d.ts +4 -0
  178. package/dist/dto/resend-code.dto.d.ts.map +1 -0
  179. package/dist/dto/resend-code.dto.js +29 -0
  180. package/dist/dto/resend-code.dto.js.map +1 -0
  181. package/dist/dto/reset-password.dto.d.ts +8 -0
  182. package/dist/dto/reset-password.dto.d.ts.map +1 -0
  183. package/dist/dto/reset-password.dto.js +61 -0
  184. package/dist/dto/reset-password.dto.js.map +1 -0
  185. package/dist/dto/respond-challenge.dto.d.ts +33 -0
  186. package/dist/dto/respond-challenge.dto.d.ts.map +1 -0
  187. package/dist/dto/respond-challenge.dto.js +131 -0
  188. package/dist/dto/respond-challenge.dto.js.map +1 -0
  189. package/dist/dto/set-mfa-exemption.dto.d.ts +12 -0
  190. package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -0
  191. package/dist/dto/set-mfa-exemption.dto.js +66 -0
  192. package/dist/dto/set-mfa-exemption.dto.js.map +1 -0
  193. package/dist/dto/set-must-change-password-response.dto.d.ts +4 -0
  194. package/dist/dto/set-must-change-password-response.dto.d.ts.map +1 -0
  195. package/dist/dto/set-must-change-password-response.dto.js +8 -0
  196. package/dist/dto/set-must-change-password-response.dto.js.map +1 -0
  197. package/dist/dto/set-must-change-password.dto.d.ts +4 -0
  198. package/dist/dto/set-must-change-password.dto.d.ts.map +1 -0
  199. package/dist/dto/set-must-change-password.dto.js +29 -0
  200. package/dist/dto/set-must-change-password.dto.js.map +1 -0
  201. package/dist/dto/set-preferred-method.dto.d.ts +8 -0
  202. package/dist/dto/set-preferred-method.dto.d.ts.map +1 -0
  203. package/dist/dto/set-preferred-method.dto.js +49 -0
  204. package/dist/dto/set-preferred-method.dto.js.map +1 -0
  205. package/dist/dto/setup-mfa.dto.d.ts +9 -0
  206. package/dist/dto/setup-mfa.dto.d.ts.map +1 -0
  207. package/dist/dto/setup-mfa.dto.js +55 -0
  208. package/dist/dto/setup-mfa.dto.js.map +1 -0
  209. package/dist/dto/signup.dto.d.ts +10 -0
  210. package/dist/dto/signup.dto.d.ts.map +1 -0
  211. package/dist/dto/signup.dto.js +109 -0
  212. package/dist/dto/signup.dto.js.map +1 -0
  213. package/dist/dto/social-auth.dto.d.ts +54 -0
  214. package/dist/dto/social-auth.dto.d.ts.map +1 -0
  215. package/dist/dto/social-auth.dto.js +232 -0
  216. package/dist/dto/social-auth.dto.js.map +1 -0
  217. package/dist/dto/trust-device-response.dto.d.ts +4 -0
  218. package/dist/dto/trust-device-response.dto.d.ts.map +1 -0
  219. package/dist/dto/trust-device-response.dto.js +8 -0
  220. package/dist/dto/trust-device-response.dto.js.map +1 -0
  221. package/dist/dto/trust-device.dto.d.ts +1 -0
  222. package/dist/dto/trust-device.dto.d.ts.map +1 -0
  223. package/dist/dto/trust-device.dto.js +2 -0
  224. package/dist/dto/trust-device.dto.js.map +1 -0
  225. package/dist/dto/update-user-attributes-request.dto.d.ts +5 -0
  226. package/dist/dto/update-user-attributes-request.dto.d.ts.map +1 -0
  227. package/dist/dto/update-user-attributes-request.dto.js +30 -0
  228. package/dist/dto/update-user-attributes-request.dto.js.map +1 -0
  229. package/dist/dto/user-response.dto.d.ts +20 -0
  230. package/dist/dto/user-response.dto.d.ts.map +1 -0
  231. package/dist/dto/user-response.dto.js +42 -0
  232. package/dist/dto/user-response.dto.js.map +1 -0
  233. package/dist/dto/user-update.dto.d.ts +12 -0
  234. package/dist/dto/user-update.dto.d.ts.map +1 -0
  235. package/dist/dto/user-update.dto.js +119 -0
  236. package/dist/dto/user-update.dto.js.map +1 -0
  237. package/dist/dto/verify-email.dto.d.ts +29 -0
  238. package/dist/dto/verify-email.dto.d.ts.map +1 -0
  239. package/dist/dto/verify-email.dto.js +161 -0
  240. package/dist/dto/verify-email.dto.js.map +1 -0
  241. package/dist/dto/verify-mfa-code.dto.d.ts +10 -0
  242. package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -0
  243. package/dist/dto/verify-mfa-code.dto.js +56 -0
  244. package/dist/dto/verify-mfa-code.dto.js.map +1 -0
  245. package/dist/dto/verify-phone-by-sub.dto.d.ts +6 -0
  246. package/dist/dto/verify-phone-by-sub.dto.d.ts.map +1 -0
  247. package/dist/dto/verify-phone-by-sub.dto.js +49 -0
  248. package/dist/dto/verify-phone-by-sub.dto.js.map +1 -0
  249. package/dist/dto/verify-phone.dto.d.ts +24 -0
  250. package/dist/dto/verify-phone.dto.d.ts.map +1 -0
  251. package/dist/dto/verify-phone.dto.js +124 -0
  252. package/dist/dto/verify-phone.dto.js.map +1 -0
  253. package/dist/entities/auth-audit.entity.d.ts +31 -0
  254. package/dist/entities/auth-audit.entity.d.ts.map +1 -0
  255. package/dist/entities/auth-audit.entity.js +33 -0
  256. package/dist/entities/auth-audit.entity.js.map +1 -0
  257. package/dist/entities/challenge-session.entity.d.ts +17 -0
  258. package/dist/entities/challenge-session.entity.d.ts.map +1 -0
  259. package/dist/entities/challenge-session.entity.js +21 -0
  260. package/dist/entities/challenge-session.entity.js.map +1 -0
  261. package/dist/entities/index.d.ts +12 -0
  262. package/dist/entities/index.d.ts.map +1 -0
  263. package/dist/entities/index.js +26 -0
  264. package/dist/entities/index.js.map +1 -0
  265. package/dist/entities/login-attempt.entity.d.ts +13 -0
  266. package/dist/entities/login-attempt.entity.d.ts.map +1 -0
  267. package/dist/entities/login-attempt.entity.js +17 -0
  268. package/dist/entities/login-attempt.entity.js.map +1 -0
  269. package/dist/entities/mfa-device.entity.d.ts +22 -0
  270. package/dist/entities/mfa-device.entity.d.ts.map +1 -0
  271. package/dist/entities/mfa-device.entity.js +25 -0
  272. package/dist/entities/mfa-device.entity.js.map +1 -0
  273. package/dist/entities/rate-limit.entity.d.ts +9 -0
  274. package/dist/entities/rate-limit.entity.d.ts.map +1 -0
  275. package/dist/entities/rate-limit.entity.js +13 -0
  276. package/dist/entities/rate-limit.entity.js.map +1 -0
  277. package/dist/entities/session.entity.d.ts +32 -0
  278. package/dist/entities/session.entity.d.ts.map +1 -0
  279. package/dist/entities/session.entity.js +36 -0
  280. package/dist/entities/session.entity.js.map +1 -0
  281. package/dist/entities/social-account.entity.d.ts +13 -0
  282. package/dist/entities/social-account.entity.d.ts.map +1 -0
  283. package/dist/entities/social-account.entity.js +17 -0
  284. package/dist/entities/social-account.entity.js.map +1 -0
  285. package/dist/entities/storage-lock.entity.d.ts +8 -0
  286. package/dist/entities/storage-lock.entity.d.ts.map +1 -0
  287. package/dist/entities/storage-lock.entity.js +12 -0
  288. package/dist/entities/storage-lock.entity.js.map +1 -0
  289. package/dist/entities/trusted-device.entity.d.ts +17 -0
  290. package/dist/entities/trusted-device.entity.d.ts.map +1 -0
  291. package/dist/entities/trusted-device.entity.js +21 -0
  292. package/dist/entities/trusted-device.entity.js.map +1 -0
  293. package/dist/entities/user.entity.d.ts +41 -0
  294. package/dist/entities/user.entity.d.ts.map +1 -0
  295. package/dist/entities/user.entity.js +45 -0
  296. package/dist/entities/user.entity.js.map +1 -0
  297. package/dist/entities/verification-token.entity.d.ts +19 -0
  298. package/dist/entities/verification-token.entity.d.ts.map +1 -0
  299. package/dist/entities/verification-token.entity.js +29 -0
  300. package/dist/entities/verification-token.entity.js.map +1 -0
  301. package/dist/enums/auth-audit-event-type.enum.d.ts +55 -0
  302. package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -0
  303. package/dist/enums/auth-audit-event-type.enum.js +59 -0
  304. package/dist/enums/auth-audit-event-type.enum.js.map +1 -0
  305. package/dist/enums/error-codes.enum.d.ts +53 -0
  306. package/dist/enums/error-codes.enum.d.ts.map +1 -0
  307. package/dist/enums/error-codes.enum.js +57 -0
  308. package/dist/enums/error-codes.enum.js.map +1 -0
  309. package/dist/enums/mfa-method.enum.d.ts +11 -0
  310. package/dist/enums/mfa-method.enum.d.ts.map +1 -0
  311. package/dist/enums/mfa-method.enum.js +18 -0
  312. package/dist/enums/mfa-method.enum.js.map +1 -0
  313. package/dist/enums/risk-factor.enum.d.ts +14 -0
  314. package/dist/enums/risk-factor.enum.d.ts.map +1 -0
  315. package/dist/enums/risk-factor.enum.js +18 -0
  316. package/dist/enums/risk-factor.enum.js.map +1 -0
  317. package/dist/exceptions/nauth.exception.d.ts +18 -0
  318. package/dist/exceptions/nauth.exception.d.ts.map +1 -0
  319. package/dist/exceptions/nauth.exception.js +64 -0
  320. package/dist/exceptions/nauth.exception.js.map +1 -0
  321. package/dist/handlers/auth.handler.d.ts +18 -0
  322. package/dist/handlers/auth.handler.d.ts.map +1 -0
  323. package/dist/handlers/auth.handler.js +173 -0
  324. package/dist/handlers/auth.handler.js.map +1 -0
  325. package/dist/handlers/client-info.handler.d.ts +12 -0
  326. package/dist/handlers/client-info.handler.d.ts.map +1 -0
  327. package/dist/handlers/client-info.handler.js +61 -0
  328. package/dist/handlers/client-info.handler.js.map +1 -0
  329. package/dist/handlers/csrf.handler.d.ts +13 -0
  330. package/dist/handlers/csrf.handler.d.ts.map +1 -0
  331. package/dist/handlers/csrf.handler.js +84 -0
  332. package/dist/handlers/csrf.handler.js.map +1 -0
  333. package/dist/handlers/token-delivery.handler.d.ts +12 -0
  334. package/dist/handlers/token-delivery.handler.d.ts.map +1 -0
  335. package/dist/handlers/token-delivery.handler.js +86 -0
  336. package/dist/handlers/token-delivery.handler.js.map +1 -0
  337. package/dist/index.d.ts +27 -0
  338. package/dist/index.d.ts.map +1 -0
  339. package/dist/index.js +51 -0
  340. package/dist/index.js.map +1 -0
  341. package/dist/interfaces/client-info.interface.d.ts +16 -0
  342. package/dist/interfaces/client-info.interface.d.ts.map +1 -0
  343. package/dist/interfaces/client-info.interface.js +3 -0
  344. package/dist/interfaces/client-info.interface.js.map +1 -0
  345. package/dist/interfaces/config.interface.d.ts +279 -0
  346. package/dist/interfaces/config.interface.d.ts.map +1 -0
  347. package/dist/interfaces/config.interface.js +3 -0
  348. package/dist/interfaces/config.interface.js.map +1 -0
  349. package/dist/interfaces/entities.interface.d.ts +169 -0
  350. package/dist/interfaces/entities.interface.d.ts.map +1 -0
  351. package/dist/interfaces/entities.interface.js +3 -0
  352. package/dist/interfaces/entities.interface.js.map +1 -0
  353. package/dist/interfaces/index.d.ts +11 -0
  354. package/dist/interfaces/index.d.ts.map +1 -0
  355. package/dist/interfaces/index.js +27 -0
  356. package/dist/interfaces/index.js.map +1 -0
  357. package/dist/interfaces/logger.interface.d.ts +43 -0
  358. package/dist/interfaces/logger.interface.d.ts.map +1 -0
  359. package/dist/interfaces/logger.interface.js +12 -0
  360. package/dist/interfaces/logger.interface.js.map +1 -0
  361. package/dist/interfaces/mfa-provider.interface.d.ts +12 -0
  362. package/dist/interfaces/mfa-provider.interface.d.ts.map +1 -0
  363. package/dist/interfaces/mfa-provider.interface.js +3 -0
  364. package/dist/interfaces/mfa-provider.interface.js.map +1 -0
  365. package/dist/interfaces/oauth.interface.d.ts +24 -0
  366. package/dist/interfaces/oauth.interface.d.ts.map +1 -0
  367. package/dist/interfaces/oauth.interface.js +3 -0
  368. package/dist/interfaces/oauth.interface.js.map +1 -0
  369. package/dist/interfaces/provider.interface.d.ts +12 -0
  370. package/dist/interfaces/provider.interface.d.ts.map +1 -0
  371. package/dist/interfaces/provider.interface.js +3 -0
  372. package/dist/interfaces/provider.interface.js.map +1 -0
  373. package/dist/interfaces/social-auth-provider.interface.d.ts +13 -0
  374. package/dist/interfaces/social-auth-provider.interface.d.ts.map +1 -0
  375. package/dist/interfaces/social-auth-provider.interface.js +3 -0
  376. package/dist/interfaces/social-auth-provider.interface.js.map +1 -0
  377. package/dist/interfaces/storage-adapter.interface.d.ts +39 -0
  378. package/dist/interfaces/storage-adapter.interface.d.ts.map +1 -0
  379. package/dist/interfaces/storage-adapter.interface.js +3 -0
  380. package/dist/interfaces/storage-adapter.interface.js.map +1 -0
  381. package/dist/interfaces/template.interface.d.ts +99 -0
  382. package/dist/interfaces/template.interface.d.ts.map +1 -0
  383. package/dist/interfaces/template.interface.js +15 -0
  384. package/dist/interfaces/template.interface.js.map +1 -0
  385. package/dist/interfaces/token-verifier.interface.d.ts +7 -0
  386. package/dist/interfaces/token-verifier.interface.d.ts.map +1 -0
  387. package/dist/interfaces/token-verifier.interface.js +3 -0
  388. package/dist/interfaces/token-verifier.interface.js.map +1 -0
  389. package/dist/internal.d.ts +20 -0
  390. package/dist/internal.d.ts.map +1 -0
  391. package/dist/internal.js +53 -0
  392. package/dist/internal.js.map +1 -0
  393. package/dist/platform/interfaces.d.ts +56 -0
  394. package/dist/platform/interfaces.d.ts.map +1 -0
  395. package/dist/platform/interfaces.js +3 -0
  396. package/dist/platform/interfaces.js.map +1 -0
  397. package/dist/schemas/auth-config.schema.d.ts +3411 -0
  398. package/dist/schemas/auth-config.schema.d.ts.map +1 -0
  399. package/dist/schemas/auth-config.schema.js +428 -0
  400. package/dist/schemas/auth-config.schema.js.map +1 -0
  401. package/dist/services/adaptive-mfa-decision.service.d.ts +39 -0
  402. package/dist/services/adaptive-mfa-decision.service.d.ts.map +1 -0
  403. package/dist/services/adaptive-mfa-decision.service.js +223 -0
  404. package/dist/services/adaptive-mfa-decision.service.js.map +1 -0
  405. package/dist/services/auth-audit.service.d.ts +44 -0
  406. package/dist/services/auth-audit.service.d.ts.map +1 -0
  407. package/dist/services/auth-audit.service.js +241 -0
  408. package/dist/services/auth-audit.service.js.map +1 -0
  409. package/dist/services/auth-challenge-helper.service.d.ts +48 -0
  410. package/dist/services/auth-challenge-helper.service.d.ts.map +1 -0
  411. package/dist/services/auth-challenge-helper.service.js +425 -0
  412. package/dist/services/auth-challenge-helper.service.js.map +1 -0
  413. package/dist/services/auth-flow-context-builder.service.d.ts +31 -0
  414. package/dist/services/auth-flow-context-builder.service.d.ts.map +1 -0
  415. package/dist/services/auth-flow-context-builder.service.js +253 -0
  416. package/dist/services/auth-flow-context-builder.service.js.map +1 -0
  417. package/dist/services/auth-flow-rules.d.ts +18 -0
  418. package/dist/services/auth-flow-rules.d.ts.map +1 -0
  419. package/dist/services/auth-flow-rules.js +55 -0
  420. package/dist/services/auth-flow-rules.js.map +1 -0
  421. package/dist/services/auth-flow-state-definitions.d.ts +5 -0
  422. package/dist/services/auth-flow-state-definitions.d.ts.map +1 -0
  423. package/dist/services/auth-flow-state-definitions.js +87 -0
  424. package/dist/services/auth-flow-state-definitions.js.map +1 -0
  425. package/dist/services/auth-flow-state-machine.service.d.ts +17 -0
  426. package/dist/services/auth-flow-state-machine.service.d.ts.map +1 -0
  427. package/dist/services/auth-flow-state-machine.service.js +91 -0
  428. package/dist/services/auth-flow-state-machine.service.js.map +1 -0
  429. package/dist/services/auth-flow-state-machine.types.d.ts +55 -0
  430. package/dist/services/auth-flow-state-machine.types.d.ts.map +1 -0
  431. package/dist/services/auth-flow-state-machine.types.js +16 -0
  432. package/dist/services/auth-flow-state-machine.types.js.map +1 -0
  433. package/dist/services/auth.service.d.ts +87 -0
  434. package/dist/services/auth.service.d.ts.map +1 -0
  435. package/dist/services/auth.service.js +2356 -0
  436. package/dist/services/auth.service.js.map +1 -0
  437. package/dist/services/challenge.service.d.ts +32 -0
  438. package/dist/services/challenge.service.d.ts.map +1 -0
  439. package/dist/services/challenge.service.js +293 -0
  440. package/dist/services/challenge.service.js.map +1 -0
  441. package/dist/services/client-info.service.d.ts +20 -0
  442. package/dist/services/client-info.service.d.ts.map +1 -0
  443. package/dist/services/client-info.service.js +202 -0
  444. package/dist/services/client-info.service.js.map +1 -0
  445. package/dist/services/csrf.service.d.ts +13 -0
  446. package/dist/services/csrf.service.d.ts.map +1 -0
  447. package/dist/services/csrf.service.js +67 -0
  448. package/dist/services/csrf.service.js.map +1 -0
  449. package/dist/services/email-verification.service.d.ts +30 -0
  450. package/dist/services/email-verification.service.d.ts.map +1 -0
  451. package/dist/services/email-verification.service.js +373 -0
  452. package/dist/services/email-verification.service.js.map +1 -0
  453. package/dist/services/geo-location.service.d.ts +85 -0
  454. package/dist/services/geo-location.service.d.ts.map +1 -0
  455. package/dist/services/geo-location.service.js +338 -0
  456. package/dist/services/geo-location.service.js.map +1 -0
  457. package/dist/services/index.d.ts +14 -0
  458. package/dist/services/index.d.ts.map +1 -0
  459. package/dist/services/index.js +30 -0
  460. package/dist/services/index.js.map +1 -0
  461. package/dist/services/jwt.service.d.ts +62 -0
  462. package/dist/services/jwt.service.d.ts.map +1 -0
  463. package/dist/services/jwt.service.js +261 -0
  464. package/dist/services/jwt.service.js.map +1 -0
  465. package/dist/services/mfa-base.service.d.ts +37 -0
  466. package/dist/services/mfa-base.service.d.ts.map +1 -0
  467. package/dist/services/mfa-base.service.js +297 -0
  468. package/dist/services/mfa-base.service.js.map +1 -0
  469. package/dist/services/mfa.service.d.ts +35 -0
  470. package/dist/services/mfa.service.d.ts.map +1 -0
  471. package/dist/services/mfa.service.js +449 -0
  472. package/dist/services/mfa.service.js.map +1 -0
  473. package/dist/services/password.service.d.ts +19 -0
  474. package/dist/services/password.service.d.ts.map +1 -0
  475. package/dist/services/password.service.js +150 -0
  476. package/dist/services/password.service.js.map +1 -0
  477. package/dist/services/phone-verification.service.d.ts +32 -0
  478. package/dist/services/phone-verification.service.d.ts.map +1 -0
  479. package/dist/services/phone-verification.service.js +474 -0
  480. package/dist/services/phone-verification.service.js.map +1 -0
  481. package/dist/services/risk-detection.service.d.ts +30 -0
  482. package/dist/services/risk-detection.service.d.ts.map +1 -0
  483. package/dist/services/risk-detection.service.js +518 -0
  484. package/dist/services/risk-detection.service.js.map +1 -0
  485. package/dist/services/risk-scoring.service.d.ts +12 -0
  486. package/dist/services/risk-scoring.service.d.ts.map +1 -0
  487. package/dist/services/risk-scoring.service.js +44 -0
  488. package/dist/services/risk-scoring.service.js.map +1 -0
  489. package/dist/services/session.service.d.ts +64 -0
  490. package/dist/services/session.service.d.ts.map +1 -0
  491. package/dist/services/session.service.js +455 -0
  492. package/dist/services/session.service.js.map +1 -0
  493. package/dist/services/social-auth-base.service.d.ts +57 -0
  494. package/dist/services/social-auth-base.service.d.ts.map +1 -0
  495. package/dist/services/social-auth-base.service.js +340 -0
  496. package/dist/services/social-auth-base.service.js.map +1 -0
  497. package/dist/services/social-auth.service.d.ts +31 -0
  498. package/dist/services/social-auth.service.d.ts.map +1 -0
  499. package/dist/services/social-auth.service.js +172 -0
  500. package/dist/services/social-auth.service.js.map +1 -0
  501. package/dist/services/social-provider-registry.service.d.ts +9 -0
  502. package/dist/services/social-provider-registry.service.d.ts.map +1 -0
  503. package/dist/services/social-provider-registry.service.js +30 -0
  504. package/dist/services/social-provider-registry.service.js.map +1 -0
  505. package/dist/services/trusted-device.service.d.ts +29 -0
  506. package/dist/services/trusted-device.service.d.ts.map +1 -0
  507. package/dist/services/trusted-device.service.js +190 -0
  508. package/dist/services/trusted-device.service.js.map +1 -0
  509. package/dist/storage/account-lockout-storage.service.d.ts +16 -0
  510. package/dist/storage/account-lockout-storage.service.d.ts.map +1 -0
  511. package/dist/storage/account-lockout-storage.service.js +50 -0
  512. package/dist/storage/account-lockout-storage.service.js.map +1 -0
  513. package/dist/storage/index.d.ts +4 -0
  514. package/dist/storage/index.d.ts.map +1 -0
  515. package/dist/storage/index.js +20 -0
  516. package/dist/storage/index.js.map +1 -0
  517. package/dist/storage/memory-storage.adapter.d.ts +33 -0
  518. package/dist/storage/memory-storage.adapter.d.ts.map +1 -0
  519. package/dist/storage/memory-storage.adapter.js +195 -0
  520. package/dist/storage/memory-storage.adapter.js.map +1 -0
  521. package/dist/storage/rate-limit-storage.service.d.ts +11 -0
  522. package/dist/storage/rate-limit-storage.service.d.ts.map +1 -0
  523. package/dist/storage/rate-limit-storage.service.js +33 -0
  524. package/dist/storage/rate-limit-storage.service.js.map +1 -0
  525. package/dist/templates/html-template.engine.d.ts +16 -0
  526. package/dist/templates/html-template.engine.d.ts.map +1 -0
  527. package/dist/templates/html-template.engine.js +502 -0
  528. package/dist/templates/html-template.engine.js.map +1 -0
  529. package/dist/templates/index.d.ts +2 -0
  530. package/dist/templates/index.d.ts.map +1 -0
  531. package/dist/templates/index.js +18 -0
  532. package/dist/templates/index.js.map +1 -0
  533. package/dist/utils/common-passwords.d.ts +4 -0
  534. package/dist/utils/common-passwords.d.ts.map +1 -0
  535. package/dist/utils/common-passwords.js +108 -0
  536. package/dist/utils/common-passwords.js.map +1 -0
  537. package/dist/utils/context-storage.d.ts +13 -0
  538. package/dist/utils/context-storage.d.ts.map +1 -0
  539. package/dist/utils/context-storage.js +54 -0
  540. package/dist/utils/context-storage.js.map +1 -0
  541. package/dist/utils/cookie-names.util.d.ts +7 -0
  542. package/dist/utils/cookie-names.util.d.ts.map +1 -0
  543. package/dist/utils/cookie-names.util.js +30 -0
  544. package/dist/utils/cookie-names.util.js.map +1 -0
  545. package/dist/utils/cookies.util.d.ts +12 -0
  546. package/dist/utils/cookies.util.d.ts.map +1 -0
  547. package/dist/utils/cookies.util.js +48 -0
  548. package/dist/utils/cookies.util.js.map +1 -0
  549. package/dist/utils/index.d.ts +8 -0
  550. package/dist/utils/index.d.ts.map +1 -0
  551. package/dist/utils/index.js +24 -0
  552. package/dist/utils/index.js.map +1 -0
  553. package/dist/utils/ip-extractor.d.ts +12 -0
  554. package/dist/utils/ip-extractor.d.ts.map +1 -0
  555. package/dist/utils/ip-extractor.js +88 -0
  556. package/dist/utils/ip-extractor.js.map +1 -0
  557. package/dist/utils/nauth-logger.d.ts +20 -0
  558. package/dist/utils/nauth-logger.d.ts.map +1 -0
  559. package/dist/utils/nauth-logger.js +129 -0
  560. package/dist/utils/nauth-logger.js.map +1 -0
  561. package/dist/utils/pii-redactor.d.ts +16 -0
  562. package/dist/utils/pii-redactor.d.ts.map +1 -0
  563. package/dist/utils/pii-redactor.js +147 -0
  564. package/dist/utils/pii-redactor.js.map +1 -0
  565. package/dist/utils/setup/get-repositories.d.ts +16 -0
  566. package/dist/utils/setup/get-repositories.d.ts.map +1 -0
  567. package/dist/utils/setup/get-repositories.js +36 -0
  568. package/dist/utils/setup/get-repositories.js.map +1 -0
  569. package/dist/utils/setup/init-services.d.ts +41 -0
  570. package/dist/utils/setup/init-services.d.ts.map +1 -0
  571. package/dist/utils/setup/init-services.js +107 -0
  572. package/dist/utils/setup/init-services.js.map +1 -0
  573. package/dist/utils/setup/init-social.d.ts +13 -0
  574. package/dist/utils/setup/init-social.d.ts.map +1 -0
  575. package/dist/utils/setup/init-social.js +77 -0
  576. package/dist/utils/setup/init-social.js.map +1 -0
  577. package/dist/utils/setup/init-storage.d.ts +4 -0
  578. package/dist/utils/setup/init-storage.d.ts.map +1 -0
  579. package/dist/utils/setup/init-storage.js +79 -0
  580. package/dist/utils/setup/init-storage.js.map +1 -0
  581. package/dist/utils/setup/register-mfa.d.ts +5 -0
  582. package/dist/utils/setup/register-mfa.d.ts.map +1 -0
  583. package/dist/utils/setup/register-mfa.js +85 -0
  584. package/dist/utils/setup/register-mfa.js.map +1 -0
  585. package/dist/utils/setup/run-nauth-migrations.d.ts +5 -0
  586. package/dist/utils/setup/run-nauth-migrations.d.ts.map +1 -0
  587. package/dist/utils/setup/run-nauth-migrations.js +67 -0
  588. package/dist/utils/setup/run-nauth-migrations.js.map +1 -0
  589. package/dist/utils/token-delivery-policy.d.ts +6 -0
  590. package/dist/utils/token-delivery-policy.d.ts.map +1 -0
  591. package/dist/utils/token-delivery-policy.js +15 -0
  592. package/dist/utils/token-delivery-policy.js.map +1 -0
  593. package/dist/validators/template.validator.d.ts +7 -0
  594. package/dist/validators/template.validator.d.ts.map +1 -0
  595. package/dist/validators/template.validator.js +95 -0
  596. package/dist/validators/template.validator.js.map +1 -0
  597. package/jest.config.js +15 -0
  598. package/jest.setup.ts +6 -0
  599. package/package.json +73 -0
  600. package/src/adapters/database-columns.ts +165 -0
  601. package/src/adapters/express.adapter.ts +385 -0
  602. package/src/adapters/fastify.adapter.ts +416 -0
  603. package/src/adapters/index.ts +16 -0
  604. package/src/adapters/storage.factory.ts +143 -0
  605. package/src/bootstrap.ts +374 -0
  606. package/src/dto/auth-challenge.dto.ts +231 -0
  607. package/src/dto/auth-response.dto.ts +253 -0
  608. package/src/dto/challenge-response.dto.ts +234 -0
  609. package/src/dto/change-password-request.dto.ts +50 -0
  610. package/src/dto/change-password-response.dto.ts +29 -0
  611. package/src/dto/change-password.dto.ts +57 -0
  612. package/src/dto/error-response.dto.ts +136 -0
  613. package/src/dto/get-available-methods.dto.ts +55 -0
  614. package/src/dto/get-challenge-data-response.dto.ts +28 -0
  615. package/src/dto/get-challenge-data.dto.ts +69 -0
  616. package/src/dto/get-client-info.dto.ts +104 -0
  617. package/src/dto/get-device-token-response.dto.ts +25 -0
  618. package/src/dto/get-events-by-type.dto.ts +76 -0
  619. package/src/dto/get-ip-address-response.dto.ts +24 -0
  620. package/src/dto/get-mfa-status.dto.ts +94 -0
  621. package/src/dto/get-risk-assessment-history.dto.ts +39 -0
  622. package/src/dto/get-session-id-response.dto.ts +25 -0
  623. package/src/dto/get-setup-data-response.dto.ts +31 -0
  624. package/src/dto/get-setup-data.dto.ts +75 -0
  625. package/src/dto/get-suspicious-activity.dto.ts +42 -0
  626. package/src/dto/get-user-agent-response.dto.ts +23 -0
  627. package/src/dto/get-user-auth-history.dto.ts +95 -0
  628. package/src/dto/get-user-by-email.dto.ts +61 -0
  629. package/src/dto/get-user-by-id.dto.ts +46 -0
  630. package/src/dto/get-user-devices.dto.ts +53 -0
  631. package/src/dto/get-user-response.dto.ts +17 -0
  632. package/src/dto/has-provider.dto.ts +56 -0
  633. package/src/dto/index.ts +57 -0
  634. package/src/dto/is-trusted-device-response.dto.ts +34 -0
  635. package/src/dto/list-providers-response.dto.ts +23 -0
  636. package/src/dto/login.dto.ts +95 -0
  637. package/src/dto/logout-all-response.dto.ts +24 -0
  638. package/src/dto/logout-all.dto.ts +65 -0
  639. package/src/dto/logout-response.dto.ts +25 -0
  640. package/src/dto/logout.dto.ts +64 -0
  641. package/src/dto/refresh-token.dto.ts +36 -0
  642. package/src/dto/remove-devices.dto.ts +85 -0
  643. package/src/dto/resend-code-response.dto.ts +32 -0
  644. package/src/dto/resend-code.dto.ts +51 -0
  645. package/src/dto/reset-password.dto.ts +115 -0
  646. package/src/dto/respond-challenge.dto.ts +272 -0
  647. package/src/dto/set-mfa-exemption.dto.ts +112 -0
  648. package/src/dto/set-must-change-password-response.dto.ts +27 -0
  649. package/src/dto/set-must-change-password.dto.ts +46 -0
  650. package/src/dto/set-preferred-method.dto.ts +80 -0
  651. package/src/dto/setup-mfa.dto.ts +98 -0
  652. package/src/dto/signup.dto.ts +174 -0
  653. package/src/dto/social-auth.dto.ts +422 -0
  654. package/src/dto/trust-device-response.dto.ts +30 -0
  655. package/src/dto/trust-device.dto.ts +9 -0
  656. package/src/dto/update-user-attributes-request.dto.ts +51 -0
  657. package/src/dto/user-response.dto.ts +138 -0
  658. package/src/dto/user-update.dto.ts +222 -0
  659. package/src/dto/verify-email.dto.ts +313 -0
  660. package/src/dto/verify-mfa-code.dto.ts +103 -0
  661. package/src/dto/verify-phone-by-sub.dto.ts +78 -0
  662. package/src/dto/verify-phone.dto.ts +245 -0
  663. package/src/entities/auth-audit.entity.ts +232 -0
  664. package/src/entities/challenge-session.entity.ts +116 -0
  665. package/src/entities/index.ts +29 -0
  666. package/src/entities/login-attempt.entity.ts +64 -0
  667. package/src/entities/mfa-device.entity.ts +151 -0
  668. package/src/entities/rate-limit.entity.ts +44 -0
  669. package/src/entities/session.entity.ts +180 -0
  670. package/src/entities/social-account.entity.ts +96 -0
  671. package/src/entities/storage-lock.entity.ts +39 -0
  672. package/src/entities/trusted-device.entity.ts +112 -0
  673. package/src/entities/user.entity.ts +243 -0
  674. package/src/entities/verification-token.entity.ts +141 -0
  675. package/src/enums/auth-audit-event-type.enum.ts +360 -0
  676. package/src/enums/error-codes.enum.ts +420 -0
  677. package/src/enums/mfa-method.enum.ts +97 -0
  678. package/src/enums/risk-factor.enum.ts +111 -0
  679. package/src/exceptions/nauth.exception.ts +231 -0
  680. package/src/handlers/auth.handler.ts +260 -0
  681. package/src/handlers/client-info.handler.ts +101 -0
  682. package/src/handlers/csrf.handler.ts +156 -0
  683. package/src/handlers/token-delivery.handler.ts +118 -0
  684. package/src/index.ts +118 -0
  685. package/src/interfaces/client-info.interface.ts +85 -0
  686. package/src/interfaces/config.interface.ts +2135 -0
  687. package/src/interfaces/entities.interface.ts +226 -0
  688. package/src/interfaces/index.ts +15 -0
  689. package/src/interfaces/logger.interface.ts +283 -0
  690. package/src/interfaces/mfa-provider.interface.ts +154 -0
  691. package/src/interfaces/oauth.interface.ts +148 -0
  692. package/src/interfaces/provider.interface.ts +47 -0
  693. package/src/interfaces/social-auth-provider.interface.ts +131 -0
  694. package/src/interfaces/storage-adapter.interface.ts +82 -0
  695. package/src/interfaces/template.interface.ts +510 -0
  696. package/src/interfaces/token-verifier.interface.ts +110 -0
  697. package/src/internal.ts +178 -0
  698. package/src/platform/interfaces.ts +299 -0
  699. package/src/schemas/auth-config.schema.ts +646 -0
  700. package/src/services/adaptive-mfa-decision.service.spec.ts +1058 -0
  701. package/src/services/adaptive-mfa-decision.service.ts +457 -0
  702. package/src/services/auth-audit.service.spec.ts +675 -0
  703. package/src/services/auth-audit.service.ts +558 -0
  704. package/src/services/auth-challenge-helper.service.spec.ts +3227 -0
  705. package/src/services/auth-challenge-helper.service.ts +825 -0
  706. package/src/services/auth-flow-context-builder.service.ts +520 -0
  707. package/src/services/auth-flow-rules.ts +202 -0
  708. package/src/services/auth-flow-state-definitions.ts +190 -0
  709. package/src/services/auth-flow-state-machine.service.ts +207 -0
  710. package/src/services/auth-flow-state-machine.types.ts +316 -0
  711. package/src/services/auth.service.spec.ts +4195 -0
  712. package/src/services/auth.service.ts +3727 -0
  713. package/src/services/challenge.service.spec.ts +1363 -0
  714. package/src/services/challenge.service.ts +696 -0
  715. package/src/services/client-info.service.spec.ts +572 -0
  716. package/src/services/client-info.service.ts +374 -0
  717. package/src/services/csrf.service.ts +54 -0
  718. package/src/services/email-verification.service.spec.ts +1229 -0
  719. package/src/services/email-verification.service.ts +578 -0
  720. package/src/services/geo-location.service.spec.ts +603 -0
  721. package/src/services/geo-location.service.ts +599 -0
  722. package/src/services/index.ts +13 -0
  723. package/src/services/jwt.service.spec.ts +882 -0
  724. package/src/services/jwt.service.ts +621 -0
  725. package/src/services/mfa-base.service.spec.ts +246 -0
  726. package/src/services/mfa-base.service.ts +611 -0
  727. package/src/services/mfa.service.spec.ts +693 -0
  728. package/src/services/mfa.service.ts +960 -0
  729. package/src/services/password.service.spec.ts +166 -0
  730. package/src/services/password.service.ts +309 -0
  731. package/src/services/phone-verification.service.spec.ts +1120 -0
  732. package/src/services/phone-verification.service.ts +751 -0
  733. package/src/services/risk-detection.service.spec.ts +1292 -0
  734. package/src/services/risk-detection.service.ts +1012 -0
  735. package/src/services/risk-scoring.service.spec.ts +204 -0
  736. package/src/services/risk-scoring.service.ts +131 -0
  737. package/src/services/session.service.spec.ts +1293 -0
  738. package/src/services/session.service.ts +803 -0
  739. package/src/services/social-account.service.spec.ts +725 -0
  740. package/src/services/social-auth-base.service.spec.ts +418 -0
  741. package/src/services/social-auth-base.service.ts +581 -0
  742. package/src/services/social-auth.service.spec.ts +238 -0
  743. package/src/services/social-auth.service.ts +436 -0
  744. package/src/services/social-provider-registry.service.spec.ts +238 -0
  745. package/src/services/social-provider-registry.service.ts +122 -0
  746. package/src/services/trusted-device.service.spec.ts +505 -0
  747. package/src/services/trusted-device.service.ts +339 -0
  748. package/src/storage/account-lockout-storage.service.spec.ts +310 -0
  749. package/src/storage/account-lockout-storage.service.ts +89 -0
  750. package/src/storage/index.ts +3 -0
  751. package/src/storage/memory-storage.adapter.ts +443 -0
  752. package/src/storage/rate-limit-storage.service.spec.ts +247 -0
  753. package/src/storage/rate-limit-storage.service.ts +38 -0
  754. package/src/templates/html-template.engine.spec.ts +161 -0
  755. package/src/templates/html-template.engine.ts +688 -0
  756. package/src/templates/index.ts +7 -0
  757. package/src/utils/common-passwords.spec.ts +230 -0
  758. package/src/utils/common-passwords.ts +170 -0
  759. package/src/utils/context-storage.ts +188 -0
  760. package/src/utils/cookie-names.util.ts +67 -0
  761. package/src/utils/cookies.util.ts +94 -0
  762. package/src/utils/index.ts +12 -0
  763. package/src/utils/ip-extractor.spec.ts +330 -0
  764. package/src/utils/ip-extractor.ts +220 -0
  765. package/src/utils/nauth-logger.spec.ts +388 -0
  766. package/src/utils/nauth-logger.ts +215 -0
  767. package/src/utils/pii-redactor.spec.ts +130 -0
  768. package/src/utils/pii-redactor.ts +288 -0
  769. package/src/utils/setup/get-repositories.ts +140 -0
  770. package/src/utils/setup/init-services.ts +422 -0
  771. package/src/utils/setup/init-social.ts +189 -0
  772. package/src/utils/setup/init-storage.ts +94 -0
  773. package/src/utils/setup/register-mfa.ts +165 -0
  774. package/src/utils/setup/run-nauth-migrations.ts +61 -0
  775. package/src/utils/token-delivery-policy.ts +38 -0
  776. package/src/validators/template.validator.ts +219 -0
  777. package/tsconfig.json +37 -0
  778. package/tsconfig.lint.json +6 -0
package/dist/schemas/auth-config.schema.d.ts ADDED
@@ -0,0 +1,3411 @@
1
+ import { z } from 'zod';
2
+ export declare const jwtConfigSchema: z.ZodEffects<z.ZodObject<{
3
+ algorithm: z.ZodOptional<z.ZodEnum<["HS256", "HS384", "HS512", "RS256", "RS384", "RS512"]>>;
4
+ accessToken: z.ZodObject<{
5
+ secret: z.ZodOptional<z.ZodString>;
6
+ privateKey: z.ZodOptional<z.ZodString>;
7
+ publicKey: z.ZodOptional<z.ZodString>;
8
+ expiresIn: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
9
+ }, "strip", z.ZodTypeAny, {
10
+ expiresIn: string | number;
11
+ secret?: string | undefined;
12
+ publicKey?: string | undefined;
13
+ privateKey?: string | undefined;
14
+ }, {
15
+ expiresIn: string | number;
16
+ secret?: string | undefined;
17
+ publicKey?: string | undefined;
18
+ privateKey?: string | undefined;
19
+ }>;
20
+ refreshToken: z.ZodObject<{
21
+ secret: z.ZodString;
22
+ expiresIn: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
23
+ rotation: z.ZodOptional<z.ZodBoolean>;
24
+ reuseDetection: z.ZodOptional<z.ZodBoolean>;
25
+ }, "strip", z.ZodTypeAny, {
26
+ expiresIn: string | number;
27
+ secret: string;
28
+ rotation?: boolean | undefined;
29
+ reuseDetection?: boolean | undefined;
30
+ }, {
31
+ expiresIn: string | number;
32
+ secret: string;
33
+ rotation?: boolean | undefined;
34
+ reuseDetection?: boolean | undefined;
35
+ }>;
36
+ issuer: z.ZodOptional<z.ZodString>;
37
+ audience: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
38
+ }, "strip", z.ZodTypeAny, {
39
+ accessToken: {
40
+ expiresIn: string | number;
41
+ secret?: string | undefined;
42
+ publicKey?: string | undefined;
43
+ privateKey?: string | undefined;
44
+ };
45
+ refreshToken: {
46
+ expiresIn: string | number;
47
+ secret: string;
48
+ rotation?: boolean | undefined;
49
+ reuseDetection?: boolean | undefined;
50
+ };
51
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
52
+ issuer?: string | undefined;
53
+ audience?: string | string[] | undefined;
54
+ }, {
55
+ accessToken: {
56
+ expiresIn: string | number;
57
+ secret?: string | undefined;
58
+ publicKey?: string | undefined;
59
+ privateKey?: string | undefined;
60
+ };
61
+ refreshToken: {
62
+ expiresIn: string | number;
63
+ secret: string;
64
+ rotation?: boolean | undefined;
65
+ reuseDetection?: boolean | undefined;
66
+ };
67
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
68
+ issuer?: string | undefined;
69
+ audience?: string | string[] | undefined;
70
+ }>, {
71
+ accessToken: {
72
+ expiresIn: string | number;
73
+ secret?: string | undefined;
74
+ publicKey?: string | undefined;
75
+ privateKey?: string | undefined;
76
+ };
77
+ refreshToken: {
78
+ expiresIn: string | number;
79
+ secret: string;
80
+ rotation?: boolean | undefined;
81
+ reuseDetection?: boolean | undefined;
82
+ };
83
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
84
+ issuer?: string | undefined;
85
+ audience?: string | string[] | undefined;
86
+ }, {
87
+ accessToken: {
88
+ expiresIn: string | number;
89
+ secret?: string | undefined;
90
+ publicKey?: string | undefined;
91
+ privateKey?: string | undefined;
92
+ };
93
+ refreshToken: {
94
+ expiresIn: string | number;
95
+ secret: string;
96
+ rotation?: boolean | undefined;
97
+ reuseDetection?: boolean | undefined;
98
+ };
99
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
100
+ issuer?: string | undefined;
101
+ audience?: string | string[] | undefined;
102
+ }>;
103
+ export declare const signupConfigSchema: z.ZodObject<{
104
+ enabled: z.ZodOptional<z.ZodBoolean>;
105
+ verificationMethod: z.ZodOptional<z.ZodEnum<["none", "email", "phone", "both"]>>;
106
+ allowDuplicatePhones: z.ZodOptional<z.ZodBoolean>;
107
+ emailVerification: z.ZodOptional<z.ZodObject<{
108
+ expiresIn: z.ZodOptional<z.ZodNumber>;
109
+ resendDelay: z.ZodOptional<z.ZodNumber>;
110
+ rateLimitMax: z.ZodOptional<z.ZodNumber>;
111
+ rateLimitWindow: z.ZodOptional<z.ZodNumber>;
112
+ maxAttemptsPerUser: z.ZodOptional<z.ZodNumber>;
113
+ maxAttemptsPerIP: z.ZodOptional<z.ZodNumber>;
114
+ attemptWindow: z.ZodOptional<z.ZodNumber>;
115
+ }, "strip", z.ZodTypeAny, {
116
+ expiresIn?: number | undefined;
117
+ resendDelay?: number | undefined;
118
+ rateLimitMax?: number | undefined;
119
+ rateLimitWindow?: number | undefined;
120
+ maxAttemptsPerUser?: number | undefined;
121
+ maxAttemptsPerIP?: number | undefined;
122
+ attemptWindow?: number | undefined;
123
+ }, {
124
+ expiresIn?: number | undefined;
125
+ resendDelay?: number | undefined;
126
+ rateLimitMax?: number | undefined;
127
+ rateLimitWindow?: number | undefined;
128
+ maxAttemptsPerUser?: number | undefined;
129
+ maxAttemptsPerIP?: number | undefined;
130
+ attemptWindow?: number | undefined;
131
+ }>>;
132
+ phoneVerification: z.ZodOptional<z.ZodObject<{
133
+ codeLength: z.ZodOptional<z.ZodNumber>;
134
+ expiresIn: z.ZodOptional<z.ZodNumber>;
135
+ maxAttempts: z.ZodOptional<z.ZodNumber>;
136
+ resendDelay: z.ZodOptional<z.ZodNumber>;
137
+ rateLimitMax: z.ZodOptional<z.ZodNumber>;
138
+ rateLimitWindow: z.ZodOptional<z.ZodNumber>;
139
+ maxAttemptsPerUser: z.ZodOptional<z.ZodNumber>;
140
+ maxAttemptsPerIP: z.ZodOptional<z.ZodNumber>;
141
+ attemptWindow: z.ZodOptional<z.ZodNumber>;
142
+ }, "strip", z.ZodTypeAny, {
143
+ expiresIn?: number | undefined;
144
+ maxAttempts?: number | undefined;
145
+ resendDelay?: number | undefined;
146
+ rateLimitMax?: number | undefined;
147
+ rateLimitWindow?: number | undefined;
148
+ maxAttemptsPerUser?: number | undefined;
149
+ maxAttemptsPerIP?: number | undefined;
150
+ attemptWindow?: number | undefined;
151
+ codeLength?: number | undefined;
152
+ }, {
153
+ expiresIn?: number | undefined;
154
+ maxAttempts?: number | undefined;
155
+ resendDelay?: number | undefined;
156
+ rateLimitMax?: number | undefined;
157
+ rateLimitWindow?: number | undefined;
158
+ maxAttemptsPerUser?: number | undefined;
159
+ maxAttemptsPerIP?: number | undefined;
160
+ attemptWindow?: number | undefined;
161
+ codeLength?: number | undefined;
162
+ }>>;
163
+ }, "strip", z.ZodTypeAny, {
164
+ verificationMethod?: "email" | "none" | "phone" | "both" | undefined;
165
+ enabled?: boolean | undefined;
166
+ allowDuplicatePhones?: boolean | undefined;
167
+ emailVerification?: {
168
+ expiresIn?: number | undefined;
169
+ resendDelay?: number | undefined;
170
+ rateLimitMax?: number | undefined;
171
+ rateLimitWindow?: number | undefined;
172
+ maxAttemptsPerUser?: number | undefined;
173
+ maxAttemptsPerIP?: number | undefined;
174
+ attemptWindow?: number | undefined;
175
+ } | undefined;
176
+ phoneVerification?: {
177
+ expiresIn?: number | undefined;
178
+ maxAttempts?: number | undefined;
179
+ resendDelay?: number | undefined;
180
+ rateLimitMax?: number | undefined;
181
+ rateLimitWindow?: number | undefined;
182
+ maxAttemptsPerUser?: number | undefined;
183
+ maxAttemptsPerIP?: number | undefined;
184
+ attemptWindow?: number | undefined;
185
+ codeLength?: number | undefined;
186
+ } | undefined;
187
+ }, {
188
+ verificationMethod?: "email" | "none" | "phone" | "both" | undefined;
189
+ enabled?: boolean | undefined;
190
+ allowDuplicatePhones?: boolean | undefined;
191
+ emailVerification?: {
192
+ expiresIn?: number | undefined;
193
+ resendDelay?: number | undefined;
194
+ rateLimitMax?: number | undefined;
195
+ rateLimitWindow?: number | undefined;
196
+ maxAttemptsPerUser?: number | undefined;
197
+ maxAttemptsPerIP?: number | undefined;
198
+ attemptWindow?: number | undefined;
199
+ } | undefined;
200
+ phoneVerification?: {
201
+ expiresIn?: number | undefined;
202
+ maxAttempts?: number | undefined;
203
+ resendDelay?: number | undefined;
204
+ rateLimitMax?: number | undefined;
205
+ rateLimitWindow?: number | undefined;
206
+ maxAttemptsPerUser?: number | undefined;
207
+ maxAttemptsPerIP?: number | undefined;
208
+ attemptWindow?: number | undefined;
209
+ codeLength?: number | undefined;
210
+ } | undefined;
211
+ }>;
212
+ export declare const loginConfigSchema: z.ZodObject<{
213
+ identifierType: z.ZodOptional<z.ZodEnum<["email", "username", "phone", "email_or_username"]>>;
214
+ }, "strip", z.ZodTypeAny, {
215
+ identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
216
+ }, {
217
+ identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
218
+ }>;
219
+ export declare const passwordConfigSchema: z.ZodObject<{
220
+ minLength: z.ZodOptional<z.ZodNumber>;
221
+ maxLength: z.ZodOptional<z.ZodNumber>;
222
+ requireUppercase: z.ZodOptional<z.ZodBoolean>;
223
+ requireLowercase: z.ZodOptional<z.ZodBoolean>;
224
+ requireNumbers: z.ZodOptional<z.ZodBoolean>;
225
+ requireSpecialChars: z.ZodOptional<z.ZodBoolean>;
226
+ specialChars: z.ZodOptional<z.ZodString>;
227
+ preventCommon: z.ZodOptional<z.ZodBoolean>;
228
+ preventUserInfo: z.ZodOptional<z.ZodBoolean>;
229
+ historyCount: z.ZodOptional<z.ZodNumber>;
230
+ expiryDays: z.ZodOptional<z.ZodNumber>;
231
+ }, "strip", z.ZodTypeAny, {
232
+ minLength?: number | undefined;
233
+ maxLength?: number | undefined;
234
+ requireUppercase?: boolean | undefined;
235
+ requireLowercase?: boolean | undefined;
236
+ requireNumbers?: boolean | undefined;
237
+ requireSpecialChars?: boolean | undefined;
238
+ specialChars?: string | undefined;
239
+ preventCommon?: boolean | undefined;
240
+ preventUserInfo?: boolean | undefined;
241
+ historyCount?: number | undefined;
242
+ expiryDays?: number | undefined;
243
+ }, {
244
+ minLength?: number | undefined;
245
+ maxLength?: number | undefined;
246
+ requireUppercase?: boolean | undefined;
247
+ requireLowercase?: boolean | undefined;
248
+ requireNumbers?: boolean | undefined;
249
+ requireSpecialChars?: boolean | undefined;
250
+ specialChars?: string | undefined;
251
+ preventCommon?: boolean | undefined;
252
+ preventUserInfo?: boolean | undefined;
253
+ historyCount?: number | undefined;
254
+ expiryDays?: number | undefined;
255
+ }>;
256
+ export declare const lockoutConfigSchema: z.ZodObject<{
257
+ enabled: z.ZodOptional<z.ZodBoolean>;
258
+ maxAttempts: z.ZodOptional<z.ZodNumber>;
259
+ duration: z.ZodOptional<z.ZodNumber>;
260
+ resetOnSuccess: z.ZodOptional<z.ZodBoolean>;
261
+ }, "strip", z.ZodTypeAny, {
262
+ duration?: number | undefined;
263
+ maxAttempts?: number | undefined;
264
+ enabled?: boolean | undefined;
265
+ resetOnSuccess?: boolean | undefined;
266
+ }, {
267
+ duration?: number | undefined;
268
+ maxAttempts?: number | undefined;
269
+ enabled?: boolean | undefined;
270
+ resetOnSuccess?: boolean | undefined;
271
+ }>;
272
+ export declare const sessionConfigSchema: z.ZodObject<{
273
+ maxConcurrent: z.ZodOptional<z.ZodNumber>;
274
+ disallowMultipleSessions: z.ZodOptional<z.ZodBoolean>;
275
+ maxLifetime: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
276
+ }, "strip", z.ZodTypeAny, {
277
+ maxConcurrent?: number | undefined;
278
+ disallowMultipleSessions?: boolean | undefined;
279
+ maxLifetime?: string | number | undefined;
280
+ }, {
281
+ maxConcurrent?: number | undefined;
282
+ disallowMultipleSessions?: boolean | undefined;
283
+ maxLifetime?: string | number | undefined;
284
+ }>;
285
+ export declare const securityConfigSchema: z.ZodObject<{
286
+ csrf: z.ZodOptional<z.ZodObject<{
287
+ cookieName: z.ZodOptional<z.ZodString>;
288
+ headerName: z.ZodOptional<z.ZodString>;
289
+ tokenLength: z.ZodOptional<z.ZodNumber>;
290
+ excludedPaths: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
291
+ cookieOptions: z.ZodOptional<z.ZodObject<{
292
+ secure: z.ZodOptional<z.ZodBoolean>;
293
+ sameSite: z.ZodOptional<z.ZodEnum<["strict", "lax", "none"]>>;
294
+ domain: z.ZodOptional<z.ZodString>;
295
+ path: z.ZodOptional<z.ZodString>;
296
+ }, "strip", z.ZodTypeAny, {
297
+ secure?: boolean | undefined;
298
+ sameSite?: "none" | "strict" | "lax" | undefined;
299
+ domain?: string | undefined;
300
+ path?: string | undefined;
301
+ }, {
302
+ secure?: boolean | undefined;
303
+ sameSite?: "none" | "strict" | "lax" | undefined;
304
+ domain?: string | undefined;
305
+ path?: string | undefined;
306
+ }>>;
307
+ }, "strip", z.ZodTypeAny, {
308
+ cookieName?: string | undefined;
309
+ headerName?: string | undefined;
310
+ tokenLength?: number | undefined;
311
+ excludedPaths?: string[] | undefined;
312
+ cookieOptions?: {
313
+ secure?: boolean | undefined;
314
+ sameSite?: "none" | "strict" | "lax" | undefined;
315
+ domain?: string | undefined;
316
+ path?: string | undefined;
317
+ } | undefined;
318
+ }, {
319
+ cookieName?: string | undefined;
320
+ headerName?: string | undefined;
321
+ tokenLength?: number | undefined;
322
+ excludedPaths?: string[] | undefined;
323
+ cookieOptions?: {
324
+ secure?: boolean | undefined;
325
+ sameSite?: "none" | "strict" | "lax" | undefined;
326
+ domain?: string | undefined;
327
+ path?: string | undefined;
328
+ } | undefined;
329
+ }>>;
330
+ }, "strip", z.ZodTypeAny, {
331
+ csrf?: {
332
+ cookieName?: string | undefined;
333
+ headerName?: string | undefined;
334
+ tokenLength?: number | undefined;
335
+ excludedPaths?: string[] | undefined;
336
+ cookieOptions?: {
337
+ secure?: boolean | undefined;
338
+ sameSite?: "none" | "strict" | "lax" | undefined;
339
+ domain?: string | undefined;
340
+ path?: string | undefined;
341
+ } | undefined;
342
+ } | undefined;
343
+ }, {
344
+ csrf?: {
345
+ cookieName?: string | undefined;
346
+ headerName?: string | undefined;
347
+ tokenLength?: number | undefined;
348
+ excludedPaths?: string[] | undefined;
349
+ cookieOptions?: {
350
+ secure?: boolean | undefined;
351
+ sameSite?: "none" | "strict" | "lax" | undefined;
352
+ domain?: string | undefined;
353
+ path?: string | undefined;
354
+ } | undefined;
355
+ } | undefined;
356
+ }>;
357
+ export declare const lifecycleHooksSchema: z.ZodObject<{
358
+ beforeSignup: z.ZodOptional<z.ZodAny>;
359
+ afterSignup: z.ZodOptional<z.ZodAny>;
360
+ beforeLogin: z.ZodOptional<z.ZodAny>;
361
+ afterLogin: z.ZodOptional<z.ZodAny>;
362
+ afterLoginFailed: z.ZodOptional<z.ZodAny>;
363
+ beforePasswordChange: z.ZodOptional<z.ZodAny>;
364
+ afterPasswordChange: z.ZodOptional<z.ZodAny>;
365
+ beforeAccountLock: z.ZodOptional<z.ZodAny>;
366
+ afterAccountLock: z.ZodOptional<z.ZodAny>;
367
+ onAdaptiveMFATriggered: z.ZodOptional<z.ZodAny>;
368
+ onSignInBlocked: z.ZodOptional<z.ZodAny>;
369
+ }, "strip", z.ZodTypeAny, {
370
+ onAdaptiveMFATriggered?: any;
371
+ onSignInBlocked?: any;
372
+ afterSignup?: any;
373
+ beforePasswordChange?: any;
374
+ afterPasswordChange?: any;
375
+ beforeSignup?: any;
376
+ beforeLogin?: any;
377
+ afterLogin?: any;
378
+ afterLoginFailed?: any;
379
+ beforeAccountLock?: any;
380
+ afterAccountLock?: any;
381
+ }, {
382
+ onAdaptiveMFATriggered?: any;
383
+ onSignInBlocked?: any;
384
+ afterSignup?: any;
385
+ beforePasswordChange?: any;
386
+ afterPasswordChange?: any;
387
+ beforeSignup?: any;
388
+ beforeLogin?: any;
389
+ afterLogin?: any;
390
+ afterLoginFailed?: any;
391
+ beforeAccountLock?: any;
392
+ afterAccountLock?: any;
393
+ }>;
394
+ export declare const emailConfigSchema: z.ZodObject<{
395
+ appName: z.ZodOptional<z.ZodString>;
396
+ companyName: z.ZodOptional<z.ZodString>;
397
+ logoUrl: z.ZodOptional<z.ZodString>;
398
+ supportEmail: z.ZodOptional<z.ZodString>;
399
+ dashboardUrl: z.ZodOptional<z.ZodString>;
400
+ brandColor: z.ZodOptional<z.ZodString>;
401
+ footerDisclaimer: z.ZodOptional<z.ZodString>;
402
+ templates: z.ZodOptional<z.ZodObject<{
403
+ engine: z.ZodOptional<z.ZodAny>;
404
+ globalVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
405
+ customTemplates: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
406
+ htmlPath: z.ZodOptional<z.ZodString>;
407
+ html: z.ZodOptional<z.ZodString>;
408
+ textPath: z.ZodOptional<z.ZodString>;
409
+ text: z.ZodOptional<z.ZodString>;
410
+ subject: z.ZodOptional<z.ZodString>;
411
+ }, "strip", z.ZodTypeAny, {
412
+ htmlPath?: string | undefined;
413
+ html?: string | undefined;
414
+ textPath?: string | undefined;
415
+ text?: string | undefined;
416
+ subject?: string | undefined;
417
+ }, {
418
+ htmlPath?: string | undefined;
419
+ html?: string | undefined;
420
+ textPath?: string | undefined;
421
+ text?: string | undefined;
422
+ subject?: string | undefined;
423
+ }>, {
424
+ htmlPath?: string | undefined;
425
+ html?: string | undefined;
426
+ textPath?: string | undefined;
427
+ text?: string | undefined;
428
+ subject?: string | undefined;
429
+ }, {
430
+ htmlPath?: string | undefined;
431
+ html?: string | undefined;
432
+ textPath?: string | undefined;
433
+ text?: string | undefined;
434
+ subject?: string | undefined;
435
+ }>, {
436
+ htmlPath?: string | undefined;
437
+ html?: string | undefined;
438
+ textPath?: string | undefined;
439
+ text?: string | undefined;
440
+ subject?: string | undefined;
441
+ }, {
442
+ htmlPath?: string | undefined;
443
+ html?: string | undefined;
444
+ textPath?: string | undefined;
445
+ text?: string | undefined;
446
+ subject?: string | undefined;
447
+ }>, {
448
+ htmlPath?: string | undefined;
449
+ html?: string | undefined;
450
+ textPath?: string | undefined;
451
+ text?: string | undefined;
452
+ subject?: string | undefined;
453
+ }, {
454
+ htmlPath?: string | undefined;
455
+ html?: string | undefined;
456
+ textPath?: string | undefined;
457
+ text?: string | undefined;
458
+ subject?: string | undefined;
459
+ }>>>;
460
+ }, "strip", z.ZodTypeAny, {
461
+ engine?: any;
462
+ globalVariables?: Record<string, string | number | boolean> | undefined;
463
+ customTemplates?: Record<string, {
464
+ htmlPath?: string | undefined;
465
+ html?: string | undefined;
466
+ textPath?: string | undefined;
467
+ text?: string | undefined;
468
+ subject?: string | undefined;
469
+ }> | undefined;
470
+ }, {
471
+ engine?: any;
472
+ globalVariables?: Record<string, string | number | boolean> | undefined;
473
+ customTemplates?: Record<string, {
474
+ htmlPath?: string | undefined;
475
+ html?: string | undefined;
476
+ textPath?: string | undefined;
477
+ text?: string | undefined;
478
+ subject?: string | undefined;
479
+ }> | undefined;
480
+ }>>;
481
+ }, "strip", z.ZodTypeAny, {
482
+ appName?: string | undefined;
483
+ companyName?: string | undefined;
484
+ brandColor?: string | undefined;
485
+ logoUrl?: string | undefined;
486
+ dashboardUrl?: string | undefined;
487
+ supportEmail?: string | undefined;
488
+ footerDisclaimer?: string | undefined;
489
+ templates?: {
490
+ engine?: any;
491
+ globalVariables?: Record<string, string | number | boolean> | undefined;
492
+ customTemplates?: Record<string, {
493
+ htmlPath?: string | undefined;
494
+ html?: string | undefined;
495
+ textPath?: string | undefined;
496
+ text?: string | undefined;
497
+ subject?: string | undefined;
498
+ }> | undefined;
499
+ } | undefined;
500
+ }, {
501
+ appName?: string | undefined;
502
+ companyName?: string | undefined;
503
+ brandColor?: string | undefined;
504
+ logoUrl?: string | undefined;
505
+ dashboardUrl?: string | undefined;
506
+ supportEmail?: string | undefined;
507
+ footerDisclaimer?: string | undefined;
508
+ templates?: {
509
+ engine?: any;
510
+ globalVariables?: Record<string, string | number | boolean> | undefined;
511
+ customTemplates?: Record<string, {
512
+ htmlPath?: string | undefined;
513
+ html?: string | undefined;
514
+ textPath?: string | undefined;
515
+ text?: string | undefined;
516
+ subject?: string | undefined;
517
+ }> | undefined;
518
+ } | undefined;
519
+ }>;
520
+ export declare const phoneConfigSchema: z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>;
521
+ export declare const socialProviderConfigSchema: z.ZodObject<{
522
+ enabled: z.ZodOptional<z.ZodBoolean>;
523
+ clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
524
+ clientSecret: z.ZodOptional<z.ZodString>;
525
+ callbackUrl: z.ZodOptional<z.ZodString>;
526
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
527
+ autoLink: z.ZodOptional<z.ZodBoolean>;
528
+ allowSignup: z.ZodOptional<z.ZodBoolean>;
529
+ }, "strip", z.ZodTypeAny, {
530
+ enabled?: boolean | undefined;
531
+ clientId?: string | string[] | undefined;
532
+ clientSecret?: string | undefined;
533
+ callbackUrl?: string | undefined;
534
+ scopes?: string[] | undefined;
535
+ autoLink?: boolean | undefined;
536
+ allowSignup?: boolean | undefined;
537
+ }, {
538
+ enabled?: boolean | undefined;
539
+ clientId?: string | string[] | undefined;
540
+ clientSecret?: string | undefined;
541
+ callbackUrl?: string | undefined;
542
+ scopes?: string[] | undefined;
543
+ autoLink?: boolean | undefined;
544
+ allowSignup?: boolean | undefined;
545
+ }>;
546
+ export declare const socialConfigSchema: z.ZodObject<{
547
+ google: z.ZodOptional<z.ZodObject<{
548
+ enabled: z.ZodOptional<z.ZodBoolean>;
549
+ clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
550
+ clientSecret: z.ZodOptional<z.ZodString>;
551
+ callbackUrl: z.ZodOptional<z.ZodString>;
552
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
553
+ autoLink: z.ZodOptional<z.ZodBoolean>;
554
+ allowSignup: z.ZodOptional<z.ZodBoolean>;
555
+ }, "strip", z.ZodTypeAny, {
556
+ enabled?: boolean | undefined;
557
+ clientId?: string | string[] | undefined;
558
+ clientSecret?: string | undefined;
559
+ callbackUrl?: string | undefined;
560
+ scopes?: string[] | undefined;
561
+ autoLink?: boolean | undefined;
562
+ allowSignup?: boolean | undefined;
563
+ }, {
564
+ enabled?: boolean | undefined;
565
+ clientId?: string | string[] | undefined;
566
+ clientSecret?: string | undefined;
567
+ callbackUrl?: string | undefined;
568
+ scopes?: string[] | undefined;
569
+ autoLink?: boolean | undefined;
570
+ allowSignup?: boolean | undefined;
571
+ }>>;
572
+ apple: z.ZodOptional<z.ZodObject<{
573
+ enabled: z.ZodOptional<z.ZodBoolean>;
574
+ clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
575
+ clientSecret: z.ZodOptional<z.ZodString>;
576
+ callbackUrl: z.ZodOptional<z.ZodString>;
577
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
578
+ autoLink: z.ZodOptional<z.ZodBoolean>;
579
+ allowSignup: z.ZodOptional<z.ZodBoolean>;
580
+ }, "strip", z.ZodTypeAny, {
581
+ enabled?: boolean | undefined;
582
+ clientId?: string | string[] | undefined;
583
+ clientSecret?: string | undefined;
584
+ callbackUrl?: string | undefined;
585
+ scopes?: string[] | undefined;
586
+ autoLink?: boolean | undefined;
587
+ allowSignup?: boolean | undefined;
588
+ }, {
589
+ enabled?: boolean | undefined;
590
+ clientId?: string | string[] | undefined;
591
+ clientSecret?: string | undefined;
592
+ callbackUrl?: string | undefined;
593
+ scopes?: string[] | undefined;
594
+ autoLink?: boolean | undefined;
595
+ allowSignup?: boolean | undefined;
596
+ }>>;
597
+ facebook: z.ZodOptional<z.ZodObject<{
598
+ enabled: z.ZodOptional<z.ZodBoolean>;
599
+ clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
600
+ clientSecret: z.ZodOptional<z.ZodString>;
601
+ callbackUrl: z.ZodOptional<z.ZodString>;
602
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
603
+ autoLink: z.ZodOptional<z.ZodBoolean>;
604
+ allowSignup: z.ZodOptional<z.ZodBoolean>;
605
+ }, "strip", z.ZodTypeAny, {
606
+ enabled?: boolean | undefined;
607
+ clientId?: string | string[] | undefined;
608
+ clientSecret?: string | undefined;
609
+ callbackUrl?: string | undefined;
610
+ scopes?: string[] | undefined;
611
+ autoLink?: boolean | undefined;
612
+ allowSignup?: boolean | undefined;
613
+ }, {
614
+ enabled?: boolean | undefined;
615
+ clientId?: string | string[] | undefined;
616
+ clientSecret?: string | undefined;
617
+ callbackUrl?: string | undefined;
618
+ scopes?: string[] | undefined;
619
+ autoLink?: boolean | undefined;
620
+ allowSignup?: boolean | undefined;
621
+ }>>;
622
+ }, "strip", z.ZodTypeAny, {
623
+ google?: {
624
+ enabled?: boolean | undefined;
625
+ clientId?: string | string[] | undefined;
626
+ clientSecret?: string | undefined;
627
+ callbackUrl?: string | undefined;
628
+ scopes?: string[] | undefined;
629
+ autoLink?: boolean | undefined;
630
+ allowSignup?: boolean | undefined;
631
+ } | undefined;
632
+ apple?: {
633
+ enabled?: boolean | undefined;
634
+ clientId?: string | string[] | undefined;
635
+ clientSecret?: string | undefined;
636
+ callbackUrl?: string | undefined;
637
+ scopes?: string[] | undefined;
638
+ autoLink?: boolean | undefined;
639
+ allowSignup?: boolean | undefined;
640
+ } | undefined;
641
+ facebook?: {
642
+ enabled?: boolean | undefined;
643
+ clientId?: string | string[] | undefined;
644
+ clientSecret?: string | undefined;
645
+ callbackUrl?: string | undefined;
646
+ scopes?: string[] | undefined;
647
+ autoLink?: boolean | undefined;
648
+ allowSignup?: boolean | undefined;
649
+ } | undefined;
650
+ }, {
651
+ google?: {
652
+ enabled?: boolean | undefined;
653
+ clientId?: string | string[] | undefined;
654
+ clientSecret?: string | undefined;
655
+ callbackUrl?: string | undefined;
656
+ scopes?: string[] | undefined;
657
+ autoLink?: boolean | undefined;
658
+ allowSignup?: boolean | undefined;
659
+ } | undefined;
660
+ apple?: {
661
+ enabled?: boolean | undefined;
662
+ clientId?: string | string[] | undefined;
663
+ clientSecret?: string | undefined;
664
+ callbackUrl?: string | undefined;
665
+ scopes?: string[] | undefined;
666
+ autoLink?: boolean | undefined;
667
+ allowSignup?: boolean | undefined;
668
+ } | undefined;
669
+ facebook?: {
670
+ enabled?: boolean | undefined;
671
+ clientId?: string | string[] | undefined;
672
+ clientSecret?: string | undefined;
673
+ callbackUrl?: string | undefined;
674
+ scopes?: string[] | undefined;
675
+ autoLink?: boolean | undefined;
676
+ allowSignup?: boolean | undefined;
677
+ } | undefined;
678
+ }>;
679
+ export declare const totpConfigSchema: z.ZodObject<{
680
+ window: z.ZodOptional<z.ZodNumber>;
681
+ stepSeconds: z.ZodOptional<z.ZodNumber>;
682
+ digits: z.ZodOptional<z.ZodNumber>;
683
+ algorithm: z.ZodOptional<z.ZodEnum<["sha1", "sha256", "sha512"]>>;
684
+ }, "strip", z.ZodTypeAny, {
685
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
686
+ window?: number | undefined;
687
+ stepSeconds?: number | undefined;
688
+ digits?: number | undefined;
689
+ }, {
690
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
691
+ window?: number | undefined;
692
+ stepSeconds?: number | undefined;
693
+ digits?: number | undefined;
694
+ }>;
695
+ export declare const passkeyConfigSchema: z.ZodObject<{
696
+ rpName: z.ZodString;
697
+ rpId: z.ZodString;
698
+ origin: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
699
+ timeout: z.ZodOptional<z.ZodNumber>;
700
+ userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
701
+ authenticatorAttachment: z.ZodOptional<z.ZodEnum<["platform", "cross-platform"]>>;
702
+ }, "strip", z.ZodTypeAny, {
703
+ rpName: string;
704
+ rpId: string;
705
+ origin?: string | string[] | undefined;
706
+ timeout?: number | undefined;
707
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
708
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
709
+ }, {
710
+ rpName: string;
711
+ rpId: string;
712
+ origin?: string | string[] | undefined;
713
+ timeout?: number | undefined;
714
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
715
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
716
+ }>;
717
+ export declare const backupCodesConfigSchema: z.ZodObject<{
718
+ enabled: z.ZodOptional<z.ZodBoolean>;
719
+ codeCount: z.ZodOptional<z.ZodNumber>;
720
+ codeLength: z.ZodOptional<z.ZodNumber>;
721
+ }, "strip", z.ZodTypeAny, {
722
+ enabled?: boolean | undefined;
723
+ codeLength?: number | undefined;
724
+ codeCount?: number | undefined;
725
+ }, {
726
+ enabled?: boolean | undefined;
727
+ codeLength?: number | undefined;
728
+ codeCount?: number | undefined;
729
+ }>;
730
+ export declare const riskLevelConfigSchema: z.ZodObject<{
731
+ maxScore: z.ZodNumber;
732
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
733
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
734
+ }, "strip", z.ZodTypeAny, {
735
+ maxScore: number;
736
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
737
+ notifyUser?: boolean | undefined;
738
+ }, {
739
+ maxScore: number;
740
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
741
+ notifyUser?: boolean | undefined;
742
+ }>;
743
+ export declare const adaptiveMFAConfigSchema: z.ZodObject<{
744
+ triggers: z.ZodOptional<z.ZodArray<z.ZodEnum<["new_device", "new_ip", "new_country", "impossible_travel", "suspicious_activity"]>, "many">>;
745
+ riskThreshold: z.ZodOptional<z.ZodNumber>;
746
+ riskWeights: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodNumber>>;
747
+ riskLevels: z.ZodOptional<z.ZodObject<{
748
+ low: z.ZodOptional<z.ZodObject<{
749
+ maxScore: z.ZodNumber;
750
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
751
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
752
+ }, "strip", z.ZodTypeAny, {
753
+ maxScore: number;
754
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
755
+ notifyUser?: boolean | undefined;
756
+ }, {
757
+ maxScore: number;
758
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
759
+ notifyUser?: boolean | undefined;
760
+ }>>;
761
+ medium: z.ZodOptional<z.ZodObject<{
762
+ maxScore: z.ZodNumber;
763
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
764
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
765
+ }, "strip", z.ZodTypeAny, {
766
+ maxScore: number;
767
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
768
+ notifyUser?: boolean | undefined;
769
+ }, {
770
+ maxScore: number;
771
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
772
+ notifyUser?: boolean | undefined;
773
+ }>>;
774
+ high: z.ZodOptional<z.ZodObject<{
775
+ maxScore: z.ZodNumber;
776
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
777
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
778
+ }, "strip", z.ZodTypeAny, {
779
+ maxScore: number;
780
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
781
+ notifyUser?: boolean | undefined;
782
+ }, {
783
+ maxScore: number;
784
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
785
+ notifyUser?: boolean | undefined;
786
+ }>>;
787
+ }, "strip", z.ZodTypeAny, {
788
+ low?: {
789
+ maxScore: number;
790
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
791
+ notifyUser?: boolean | undefined;
792
+ } | undefined;
793
+ medium?: {
794
+ maxScore: number;
795
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
796
+ notifyUser?: boolean | undefined;
797
+ } | undefined;
798
+ high?: {
799
+ maxScore: number;
800
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
801
+ notifyUser?: boolean | undefined;
802
+ } | undefined;
803
+ }, {
804
+ low?: {
805
+ maxScore: number;
806
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
807
+ notifyUser?: boolean | undefined;
808
+ } | undefined;
809
+ medium?: {
810
+ maxScore: number;
811
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
812
+ notifyUser?: boolean | undefined;
813
+ } | undefined;
814
+ high?: {
815
+ maxScore: number;
816
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
817
+ notifyUser?: boolean | undefined;
818
+ } | undefined;
819
+ }>>;
820
+ blockedSignIn: z.ZodOptional<z.ZodObject<{
821
+ blockDuration: z.ZodOptional<z.ZodNumber>;
822
+ message: z.ZodOptional<z.ZodString>;
823
+ errorCode: z.ZodOptional<z.ZodString>;
824
+ }, "strip", z.ZodTypeAny, {
825
+ message?: string | undefined;
826
+ blockDuration?: number | undefined;
827
+ errorCode?: string | undefined;
828
+ }, {
829
+ message?: string | undefined;
830
+ blockDuration?: number | undefined;
831
+ errorCode?: string | undefined;
832
+ }>>;
833
+ maxTravelSpeed: z.ZodOptional<z.ZodNumber>;
834
+ countryChangeThreshold: z.ZodOptional<z.ZodNumber>;
835
+ suspiciousActivityWindow: z.ZodOptional<z.ZodNumber>;
836
+ }, "strip", z.ZodTypeAny, {
837
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
838
+ riskThreshold?: number | undefined;
839
+ riskWeights?: Record<string, number> | undefined;
840
+ riskLevels?: {
841
+ low?: {
842
+ maxScore: number;
843
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
844
+ notifyUser?: boolean | undefined;
845
+ } | undefined;
846
+ medium?: {
847
+ maxScore: number;
848
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
849
+ notifyUser?: boolean | undefined;
850
+ } | undefined;
851
+ high?: {
852
+ maxScore: number;
853
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
854
+ notifyUser?: boolean | undefined;
855
+ } | undefined;
856
+ } | undefined;
857
+ blockedSignIn?: {
858
+ message?: string | undefined;
859
+ blockDuration?: number | undefined;
860
+ errorCode?: string | undefined;
861
+ } | undefined;
862
+ maxTravelSpeed?: number | undefined;
863
+ countryChangeThreshold?: number | undefined;
864
+ suspiciousActivityWindow?: number | undefined;
865
+ }, {
866
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
867
+ riskThreshold?: number | undefined;
868
+ riskWeights?: Record<string, number> | undefined;
869
+ riskLevels?: {
870
+ low?: {
871
+ maxScore: number;
872
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
873
+ notifyUser?: boolean | undefined;
874
+ } | undefined;
875
+ medium?: {
876
+ maxScore: number;
877
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
878
+ notifyUser?: boolean | undefined;
879
+ } | undefined;
880
+ high?: {
881
+ maxScore: number;
882
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
883
+ notifyUser?: boolean | undefined;
884
+ } | undefined;
885
+ } | undefined;
886
+ blockedSignIn?: {
887
+ message?: string | undefined;
888
+ blockDuration?: number | undefined;
889
+ errorCode?: string | undefined;
890
+ } | undefined;
891
+ maxTravelSpeed?: number | undefined;
892
+ countryChangeThreshold?: number | undefined;
893
+ suspiciousActivityWindow?: number | undefined;
894
+ }>;
895
+ export declare const mfaConfigSchema: z.ZodObject<{
896
+ enabled: z.ZodOptional<z.ZodBoolean>;
897
+ enforcement: z.ZodOptional<z.ZodEnum<["OPTIONAL", "REQUIRED", "ADAPTIVE"]>>;
898
+ gracePeriod: z.ZodOptional<z.ZodNumber>;
899
+ allowedMethods: z.ZodOptional<z.ZodArray<z.ZodEnum<["totp", "sms", "email", "passkey"]>, "many">>;
900
+ requireForSocialLogin: z.ZodOptional<z.ZodBoolean>;
901
+ rememberDevices: z.ZodOptional<z.ZodEnum<["always", "user_opt_in", "never"]>>;
902
+ rememberDeviceDays: z.ZodOptional<z.ZodNumber>;
903
+ bypassMFAForTrustedDevices: z.ZodOptional<z.ZodBoolean>;
904
+ issuer: z.ZodOptional<z.ZodString>;
905
+ totp: z.ZodOptional<z.ZodObject<{
906
+ window: z.ZodOptional<z.ZodNumber>;
907
+ stepSeconds: z.ZodOptional<z.ZodNumber>;
908
+ digits: z.ZodOptional<z.ZodNumber>;
909
+ algorithm: z.ZodOptional<z.ZodEnum<["sha1", "sha256", "sha512"]>>;
910
+ }, "strip", z.ZodTypeAny, {
911
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
912
+ window?: number | undefined;
913
+ stepSeconds?: number | undefined;
914
+ digits?: number | undefined;
915
+ }, {
916
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
917
+ window?: number | undefined;
918
+ stepSeconds?: number | undefined;
919
+ digits?: number | undefined;
920
+ }>>;
921
+ passkey: z.ZodOptional<z.ZodObject<{
922
+ rpName: z.ZodString;
923
+ rpId: z.ZodString;
924
+ origin: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
925
+ timeout: z.ZodOptional<z.ZodNumber>;
926
+ userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
927
+ authenticatorAttachment: z.ZodOptional<z.ZodEnum<["platform", "cross-platform"]>>;
928
+ }, "strip", z.ZodTypeAny, {
929
+ rpName: string;
930
+ rpId: string;
931
+ origin?: string | string[] | undefined;
932
+ timeout?: number | undefined;
933
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
934
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
935
+ }, {
936
+ rpName: string;
937
+ rpId: string;
938
+ origin?: string | string[] | undefined;
939
+ timeout?: number | undefined;
940
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
941
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
942
+ }>>;
943
+ backup: z.ZodOptional<z.ZodObject<{
944
+ enabled: z.ZodOptional<z.ZodBoolean>;
945
+ codeCount: z.ZodOptional<z.ZodNumber>;
946
+ codeLength: z.ZodOptional<z.ZodNumber>;
947
+ }, "strip", z.ZodTypeAny, {
948
+ enabled?: boolean | undefined;
949
+ codeLength?: number | undefined;
950
+ codeCount?: number | undefined;
951
+ }, {
952
+ enabled?: boolean | undefined;
953
+ codeLength?: number | undefined;
954
+ codeCount?: number | undefined;
955
+ }>>;
956
+ adaptive: z.ZodOptional<z.ZodObject<{
957
+ triggers: z.ZodOptional<z.ZodArray<z.ZodEnum<["new_device", "new_ip", "new_country", "impossible_travel", "suspicious_activity"]>, "many">>;
958
+ riskThreshold: z.ZodOptional<z.ZodNumber>;
959
+ riskWeights: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodNumber>>;
960
+ riskLevels: z.ZodOptional<z.ZodObject<{
961
+ low: z.ZodOptional<z.ZodObject<{
962
+ maxScore: z.ZodNumber;
963
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
964
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
965
+ }, "strip", z.ZodTypeAny, {
966
+ maxScore: number;
967
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
968
+ notifyUser?: boolean | undefined;
969
+ }, {
970
+ maxScore: number;
971
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
972
+ notifyUser?: boolean | undefined;
973
+ }>>;
974
+ medium: z.ZodOptional<z.ZodObject<{
975
+ maxScore: z.ZodNumber;
976
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
977
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
978
+ }, "strip", z.ZodTypeAny, {
979
+ maxScore: number;
980
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
981
+ notifyUser?: boolean | undefined;
982
+ }, {
983
+ maxScore: number;
984
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
985
+ notifyUser?: boolean | undefined;
986
+ }>>;
987
+ high: z.ZodOptional<z.ZodObject<{
988
+ maxScore: z.ZodNumber;
989
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
990
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
991
+ }, "strip", z.ZodTypeAny, {
992
+ maxScore: number;
993
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
994
+ notifyUser?: boolean | undefined;
995
+ }, {
996
+ maxScore: number;
997
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
998
+ notifyUser?: boolean | undefined;
999
+ }>>;
1000
+ }, "strip", z.ZodTypeAny, {
1001
+ low?: {
1002
+ maxScore: number;
1003
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1004
+ notifyUser?: boolean | undefined;
1005
+ } | undefined;
1006
+ medium?: {
1007
+ maxScore: number;
1008
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1009
+ notifyUser?: boolean | undefined;
1010
+ } | undefined;
1011
+ high?: {
1012
+ maxScore: number;
1013
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1014
+ notifyUser?: boolean | undefined;
1015
+ } | undefined;
1016
+ }, {
1017
+ low?: {
1018
+ maxScore: number;
1019
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1020
+ notifyUser?: boolean | undefined;
1021
+ } | undefined;
1022
+ medium?: {
1023
+ maxScore: number;
1024
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1025
+ notifyUser?: boolean | undefined;
1026
+ } | undefined;
1027
+ high?: {
1028
+ maxScore: number;
1029
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1030
+ notifyUser?: boolean | undefined;
1031
+ } | undefined;
1032
+ }>>;
1033
+ blockedSignIn: z.ZodOptional<z.ZodObject<{
1034
+ blockDuration: z.ZodOptional<z.ZodNumber>;
1035
+ message: z.ZodOptional<z.ZodString>;
1036
+ errorCode: z.ZodOptional<z.ZodString>;
1037
+ }, "strip", z.ZodTypeAny, {
1038
+ message?: string | undefined;
1039
+ blockDuration?: number | undefined;
1040
+ errorCode?: string | undefined;
1041
+ }, {
1042
+ message?: string | undefined;
1043
+ blockDuration?: number | undefined;
1044
+ errorCode?: string | undefined;
1045
+ }>>;
1046
+ maxTravelSpeed: z.ZodOptional<z.ZodNumber>;
1047
+ countryChangeThreshold: z.ZodOptional<z.ZodNumber>;
1048
+ suspiciousActivityWindow: z.ZodOptional<z.ZodNumber>;
1049
+ }, "strip", z.ZodTypeAny, {
1050
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
1051
+ riskThreshold?: number | undefined;
1052
+ riskWeights?: Record<string, number> | undefined;
1053
+ riskLevels?: {
1054
+ low?: {
1055
+ maxScore: number;
1056
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1057
+ notifyUser?: boolean | undefined;
1058
+ } | undefined;
1059
+ medium?: {
1060
+ maxScore: number;
1061
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1062
+ notifyUser?: boolean | undefined;
1063
+ } | undefined;
1064
+ high?: {
1065
+ maxScore: number;
1066
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1067
+ notifyUser?: boolean | undefined;
1068
+ } | undefined;
1069
+ } | undefined;
1070
+ blockedSignIn?: {
1071
+ message?: string | undefined;
1072
+ blockDuration?: number | undefined;
1073
+ errorCode?: string | undefined;
1074
+ } | undefined;
1075
+ maxTravelSpeed?: number | undefined;
1076
+ countryChangeThreshold?: number | undefined;
1077
+ suspiciousActivityWindow?: number | undefined;
1078
+ }, {
1079
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
1080
+ riskThreshold?: number | undefined;
1081
+ riskWeights?: Record<string, number> | undefined;
1082
+ riskLevels?: {
1083
+ low?: {
1084
+ maxScore: number;
1085
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1086
+ notifyUser?: boolean | undefined;
1087
+ } | undefined;
1088
+ medium?: {
1089
+ maxScore: number;
1090
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1091
+ notifyUser?: boolean | undefined;
1092
+ } | undefined;
1093
+ high?: {
1094
+ maxScore: number;
1095
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1096
+ notifyUser?: boolean | undefined;
1097
+ } | undefined;
1098
+ } | undefined;
1099
+ blockedSignIn?: {
1100
+ message?: string | undefined;
1101
+ blockDuration?: number | undefined;
1102
+ errorCode?: string | undefined;
1103
+ } | undefined;
1104
+ maxTravelSpeed?: number | undefined;
1105
+ countryChangeThreshold?: number | undefined;
1106
+ suspiciousActivityWindow?: number | undefined;
1107
+ }>>;
1108
+ }, "strip", z.ZodTypeAny, {
1109
+ totp?: {
1110
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
1111
+ window?: number | undefined;
1112
+ stepSeconds?: number | undefined;
1113
+ digits?: number | undefined;
1114
+ } | undefined;
1115
+ passkey?: {
1116
+ rpName: string;
1117
+ rpId: string;
1118
+ origin?: string | string[] | undefined;
1119
+ timeout?: number | undefined;
1120
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
1121
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
1122
+ } | undefined;
1123
+ backup?: {
1124
+ enabled?: boolean | undefined;
1125
+ codeLength?: number | undefined;
1126
+ codeCount?: number | undefined;
1127
+ } | undefined;
1128
+ rememberDevices?: "always" | "user_opt_in" | "never" | undefined;
1129
+ enabled?: boolean | undefined;
1130
+ requireForSocialLogin?: boolean | undefined;
1131
+ allowedMethods?: ("totp" | "sms" | "email" | "passkey")[] | undefined;
1132
+ bypassMFAForTrustedDevices?: boolean | undefined;
1133
+ rememberDeviceDays?: number | undefined;
1134
+ issuer?: string | undefined;
1135
+ enforcement?: "OPTIONAL" | "REQUIRED" | "ADAPTIVE" | undefined;
1136
+ gracePeriod?: number | undefined;
1137
+ adaptive?: {
1138
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
1139
+ riskThreshold?: number | undefined;
1140
+ riskWeights?: Record<string, number> | undefined;
1141
+ riskLevels?: {
1142
+ low?: {
1143
+ maxScore: number;
1144
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1145
+ notifyUser?: boolean | undefined;
1146
+ } | undefined;
1147
+ medium?: {
1148
+ maxScore: number;
1149
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1150
+ notifyUser?: boolean | undefined;
1151
+ } | undefined;
1152
+ high?: {
1153
+ maxScore: number;
1154
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1155
+ notifyUser?: boolean | undefined;
1156
+ } | undefined;
1157
+ } | undefined;
1158
+ blockedSignIn?: {
1159
+ message?: string | undefined;
1160
+ blockDuration?: number | undefined;
1161
+ errorCode?: string | undefined;
1162
+ } | undefined;
1163
+ maxTravelSpeed?: number | undefined;
1164
+ countryChangeThreshold?: number | undefined;
1165
+ suspiciousActivityWindow?: number | undefined;
1166
+ } | undefined;
1167
+ }, {
1168
+ totp?: {
1169
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
1170
+ window?: number | undefined;
1171
+ stepSeconds?: number | undefined;
1172
+ digits?: number | undefined;
1173
+ } | undefined;
1174
+ passkey?: {
1175
+ rpName: string;
1176
+ rpId: string;
1177
+ origin?: string | string[] | undefined;
1178
+ timeout?: number | undefined;
1179
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
1180
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
1181
+ } | undefined;
1182
+ backup?: {
1183
+ enabled?: boolean | undefined;
1184
+ codeLength?: number | undefined;
1185
+ codeCount?: number | undefined;
1186
+ } | undefined;
1187
+ rememberDevices?: "always" | "user_opt_in" | "never" | undefined;
1188
+ enabled?: boolean | undefined;
1189
+ requireForSocialLogin?: boolean | undefined;
1190
+ allowedMethods?: ("totp" | "sms" | "email" | "passkey")[] | undefined;
1191
+ bypassMFAForTrustedDevices?: boolean | undefined;
1192
+ rememberDeviceDays?: number | undefined;
1193
+ issuer?: string | undefined;
1194
+ enforcement?: "OPTIONAL" | "REQUIRED" | "ADAPTIVE" | undefined;
1195
+ gracePeriod?: number | undefined;
1196
+ adaptive?: {
1197
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
1198
+ riskThreshold?: number | undefined;
1199
+ riskWeights?: Record<string, number> | undefined;
1200
+ riskLevels?: {
1201
+ low?: {
1202
+ maxScore: number;
1203
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1204
+ notifyUser?: boolean | undefined;
1205
+ } | undefined;
1206
+ medium?: {
1207
+ maxScore: number;
1208
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1209
+ notifyUser?: boolean | undefined;
1210
+ } | undefined;
1211
+ high?: {
1212
+ maxScore: number;
1213
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
1214
+ notifyUser?: boolean | undefined;
1215
+ } | undefined;
1216
+ } | undefined;
1217
+ blockedSignIn?: {
1218
+ message?: string | undefined;
1219
+ blockDuration?: number | undefined;
1220
+ errorCode?: string | undefined;
1221
+ } | undefined;
1222
+ maxTravelSpeed?: number | undefined;
1223
+ countryChangeThreshold?: number | undefined;
1224
+ suspiciousActivityWindow?: number | undefined;
1225
+ } | undefined;
1226
+ }>;
1227
+ export declare const tokenDeliveryConfigSchema: z.ZodObject<{
1228
+ method: z.ZodOptional<z.ZodEnum<["json", "cookies", "hybrid"]>>;
1229
+ cookieNamePrefix: z.ZodOptional<z.ZodString>;
1230
+ cookieOptions: z.ZodOptional<z.ZodObject<{
1231
+ secure: z.ZodOptional<z.ZodBoolean>;
1232
+ sameSite: z.ZodOptional<z.ZodEnum<["strict", "lax", "none"]>>;
1233
+ path: z.ZodOptional<z.ZodString>;
1234
+ domain: z.ZodOptional<z.ZodString>;
1235
+ }, "strip", z.ZodTypeAny, {
1236
+ secure?: boolean | undefined;
1237
+ sameSite?: "none" | "strict" | "lax" | undefined;
1238
+ domain?: string | undefined;
1239
+ path?: string | undefined;
1240
+ }, {
1241
+ secure?: boolean | undefined;
1242
+ sameSite?: "none" | "strict" | "lax" | undefined;
1243
+ domain?: string | undefined;
1244
+ path?: string | undefined;
1245
+ }>>;
1246
+ hybridPolicy: z.ZodOptional<z.ZodObject<{
1247
+ webOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1248
+ nativeOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1249
+ }, "strip", z.ZodTypeAny, {
1250
+ webOrigins?: string[] | undefined;
1251
+ nativeOrigins?: string[] | undefined;
1252
+ }, {
1253
+ webOrigins?: string[] | undefined;
1254
+ nativeOrigins?: string[] | undefined;
1255
+ }>>;
1256
+ }, "strip", z.ZodTypeAny, {
1257
+ method?: "json" | "cookies" | "hybrid" | undefined;
1258
+ cookieOptions?: {
1259
+ secure?: boolean | undefined;
1260
+ sameSite?: "none" | "strict" | "lax" | undefined;
1261
+ domain?: string | undefined;
1262
+ path?: string | undefined;
1263
+ } | undefined;
1264
+ cookieNamePrefix?: string | undefined;
1265
+ hybridPolicy?: {
1266
+ webOrigins?: string[] | undefined;
1267
+ nativeOrigins?: string[] | undefined;
1268
+ } | undefined;
1269
+ }, {
1270
+ method?: "json" | "cookies" | "hybrid" | undefined;
1271
+ cookieOptions?: {
1272
+ secure?: boolean | undefined;
1273
+ sameSite?: "none" | "strict" | "lax" | undefined;
1274
+ domain?: string | undefined;
1275
+ path?: string | undefined;
1276
+ } | undefined;
1277
+ cookieNamePrefix?: string | undefined;
1278
+ hybridPolicy?: {
1279
+ webOrigins?: string[] | undefined;
1280
+ nativeOrigins?: string[] | undefined;
1281
+ } | undefined;
1282
+ }>;
1283
+ export declare const challengeConfigSchema: z.ZodObject<{
1284
+ maxAttempts: z.ZodOptional<z.ZodNumber>;
1285
+ }, "strip", z.ZodTypeAny, {
1286
+ maxAttempts?: number | undefined;
1287
+ }, {
1288
+ maxAttempts?: number | undefined;
1289
+ }>;
1290
+ export declare const geoLocationConfigSchema: z.ZodObject<{
1291
+ maxMind: z.ZodOptional<z.ZodObject<{
1292
+ dbPath: z.ZodOptional<z.ZodString>;
1293
+ skipDownloads: z.ZodOptional<z.ZodBoolean>;
1294
+ licenseKey: z.ZodOptional<z.ZodString>;
1295
+ accountId: z.ZodOptional<z.ZodNumber>;
1296
+ autoDownloadOnStartup: z.ZodOptional<z.ZodBoolean>;
1297
+ editions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1298
+ }, "strip", z.ZodTypeAny, {
1299
+ dbPath?: string | undefined;
1300
+ skipDownloads?: boolean | undefined;
1301
+ licenseKey?: string | undefined;
1302
+ accountId?: number | undefined;
1303
+ autoDownloadOnStartup?: boolean | undefined;
1304
+ editions?: string[] | undefined;
1305
+ }, {
1306
+ dbPath?: string | undefined;
1307
+ skipDownloads?: boolean | undefined;
1308
+ licenseKey?: string | undefined;
1309
+ accountId?: number | undefined;
1310
+ autoDownloadOnStartup?: boolean | undefined;
1311
+ editions?: string[] | undefined;
1312
+ }>>;
1313
+ }, "strip", z.ZodTypeAny, {
1314
+ maxMind?: {
1315
+ dbPath?: string | undefined;
1316
+ skipDownloads?: boolean | undefined;
1317
+ licenseKey?: string | undefined;
1318
+ accountId?: number | undefined;
1319
+ autoDownloadOnStartup?: boolean | undefined;
1320
+ editions?: string[] | undefined;
1321
+ } | undefined;
1322
+ }, {
1323
+ maxMind?: {
1324
+ dbPath?: string | undefined;
1325
+ skipDownloads?: boolean | undefined;
1326
+ licenseKey?: string | undefined;
1327
+ accountId?: number | undefined;
1328
+ autoDownloadOnStartup?: boolean | undefined;
1329
+ editions?: string[] | undefined;
1330
+ } | undefined;
1331
+ }>;
1332
+ export declare const authConfigSchema: z.ZodEffects<z.ZodObject<{
1333
+ tablePrefix: z.ZodOptional<z.ZodString>;
1334
+ jwt: z.ZodEffects<z.ZodObject<{
1335
+ algorithm: z.ZodOptional<z.ZodEnum<["HS256", "HS384", "HS512", "RS256", "RS384", "RS512"]>>;
1336
+ accessToken: z.ZodObject<{
1337
+ secret: z.ZodOptional<z.ZodString>;
1338
+ privateKey: z.ZodOptional<z.ZodString>;
1339
+ publicKey: z.ZodOptional<z.ZodString>;
1340
+ expiresIn: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
1341
+ }, "strip", z.ZodTypeAny, {
1342
+ expiresIn: string | number;
1343
+ secret?: string | undefined;
1344
+ publicKey?: string | undefined;
1345
+ privateKey?: string | undefined;
1346
+ }, {
1347
+ expiresIn: string | number;
1348
+ secret?: string | undefined;
1349
+ publicKey?: string | undefined;
1350
+ privateKey?: string | undefined;
1351
+ }>;
1352
+ refreshToken: z.ZodObject<{
1353
+ secret: z.ZodString;
1354
+ expiresIn: z.ZodUnion<[z.ZodString, z.ZodNumber]>;
1355
+ rotation: z.ZodOptional<z.ZodBoolean>;
1356
+ reuseDetection: z.ZodOptional<z.ZodBoolean>;
1357
+ }, "strip", z.ZodTypeAny, {
1358
+ expiresIn: string | number;
1359
+ secret: string;
1360
+ rotation?: boolean | undefined;
1361
+ reuseDetection?: boolean | undefined;
1362
+ }, {
1363
+ expiresIn: string | number;
1364
+ secret: string;
1365
+ rotation?: boolean | undefined;
1366
+ reuseDetection?: boolean | undefined;
1367
+ }>;
1368
+ issuer: z.ZodOptional<z.ZodString>;
1369
+ audience: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
1370
+ }, "strip", z.ZodTypeAny, {
1371
+ accessToken: {
1372
+ expiresIn: string | number;
1373
+ secret?: string | undefined;
1374
+ publicKey?: string | undefined;
1375
+ privateKey?: string | undefined;
1376
+ };
1377
+ refreshToken: {
1378
+ expiresIn: string | number;
1379
+ secret: string;
1380
+ rotation?: boolean | undefined;
1381
+ reuseDetection?: boolean | undefined;
1382
+ };
1383
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
1384
+ issuer?: string | undefined;
1385
+ audience?: string | string[] | undefined;
1386
+ }, {
1387
+ accessToken: {
1388
+ expiresIn: string | number;
1389
+ secret?: string | undefined;
1390
+ publicKey?: string | undefined;
1391
+ privateKey?: string | undefined;
1392
+ };
1393
+ refreshToken: {
1394
+ expiresIn: string | number;
1395
+ secret: string;
1396
+ rotation?: boolean | undefined;
1397
+ reuseDetection?: boolean | undefined;
1398
+ };
1399
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
1400
+ issuer?: string | undefined;
1401
+ audience?: string | string[] | undefined;
1402
+ }>, {
1403
+ accessToken: {
1404
+ expiresIn: string | number;
1405
+ secret?: string | undefined;
1406
+ publicKey?: string | undefined;
1407
+ privateKey?: string | undefined;
1408
+ };
1409
+ refreshToken: {
1410
+ expiresIn: string | number;
1411
+ secret: string;
1412
+ rotation?: boolean | undefined;
1413
+ reuseDetection?: boolean | undefined;
1414
+ };
1415
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
1416
+ issuer?: string | undefined;
1417
+ audience?: string | string[] | undefined;
1418
+ }, {
1419
+ accessToken: {
1420
+ expiresIn: string | number;
1421
+ secret?: string | undefined;
1422
+ publicKey?: string | undefined;
1423
+ privateKey?: string | undefined;
1424
+ };
1425
+ refreshToken: {
1426
+ expiresIn: string | number;
1427
+ secret: string;
1428
+ rotation?: boolean | undefined;
1429
+ reuseDetection?: boolean | undefined;
1430
+ };
1431
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
1432
+ issuer?: string | undefined;
1433
+ audience?: string | string[] | undefined;
1434
+ }>;
1435
+ signup: z.ZodOptional<z.ZodObject<{
1436
+ enabled: z.ZodOptional<z.ZodBoolean>;
1437
+ verificationMethod: z.ZodOptional<z.ZodEnum<["none", "email", "phone", "both"]>>;
1438
+ allowDuplicatePhones: z.ZodOptional<z.ZodBoolean>;
1439
+ emailVerification: z.ZodOptional<z.ZodObject<{
1440
+ expiresIn: z.ZodOptional<z.ZodNumber>;
1441
+ resendDelay: z.ZodOptional<z.ZodNumber>;
1442
+ rateLimitMax: z.ZodOptional<z.ZodNumber>;
1443
+ rateLimitWindow: z.ZodOptional<z.ZodNumber>;
1444
+ maxAttemptsPerUser: z.ZodOptional<z.ZodNumber>;
1445
+ maxAttemptsPerIP: z.ZodOptional<z.ZodNumber>;
1446
+ attemptWindow: z.ZodOptional<z.ZodNumber>;
1447
+ }, "strip", z.ZodTypeAny, {
1448
+ expiresIn?: number | undefined;
1449
+ resendDelay?: number | undefined;
1450
+ rateLimitMax?: number | undefined;
1451
+ rateLimitWindow?: number | undefined;
1452
+ maxAttemptsPerUser?: number | undefined;
1453
+ maxAttemptsPerIP?: number | undefined;
1454
+ attemptWindow?: number | undefined;
1455
+ }, {
1456
+ expiresIn?: number | undefined;
1457
+ resendDelay?: number | undefined;
1458
+ rateLimitMax?: number | undefined;
1459
+ rateLimitWindow?: number | undefined;
1460
+ maxAttemptsPerUser?: number | undefined;
1461
+ maxAttemptsPerIP?: number | undefined;
1462
+ attemptWindow?: number | undefined;
1463
+ }>>;
1464
+ phoneVerification: z.ZodOptional<z.ZodObject<{
1465
+ codeLength: z.ZodOptional<z.ZodNumber>;
1466
+ expiresIn: z.ZodOptional<z.ZodNumber>;
1467
+ maxAttempts: z.ZodOptional<z.ZodNumber>;
1468
+ resendDelay: z.ZodOptional<z.ZodNumber>;
1469
+ rateLimitMax: z.ZodOptional<z.ZodNumber>;
1470
+ rateLimitWindow: z.ZodOptional<z.ZodNumber>;
1471
+ maxAttemptsPerUser: z.ZodOptional<z.ZodNumber>;
1472
+ maxAttemptsPerIP: z.ZodOptional<z.ZodNumber>;
1473
+ attemptWindow: z.ZodOptional<z.ZodNumber>;
1474
+ }, "strip", z.ZodTypeAny, {
1475
+ expiresIn?: number | undefined;
1476
+ maxAttempts?: number | undefined;
1477
+ resendDelay?: number | undefined;
1478
+ rateLimitMax?: number | undefined;
1479
+ rateLimitWindow?: number | undefined;
1480
+ maxAttemptsPerUser?: number | undefined;
1481
+ maxAttemptsPerIP?: number | undefined;
1482
+ attemptWindow?: number | undefined;
1483
+ codeLength?: number | undefined;
1484
+ }, {
1485
+ expiresIn?: number | undefined;
1486
+ maxAttempts?: number | undefined;
1487
+ resendDelay?: number | undefined;
1488
+ rateLimitMax?: number | undefined;
1489
+ rateLimitWindow?: number | undefined;
1490
+ maxAttemptsPerUser?: number | undefined;
1491
+ maxAttemptsPerIP?: number | undefined;
1492
+ attemptWindow?: number | undefined;
1493
+ codeLength?: number | undefined;
1494
+ }>>;
1495
+ }, "strip", z.ZodTypeAny, {
1496
+ verificationMethod?: "email" | "none" | "phone" | "both" | undefined;
1497
+ enabled?: boolean | undefined;
1498
+ allowDuplicatePhones?: boolean | undefined;
1499
+ emailVerification?: {
1500
+ expiresIn?: number | undefined;
1501
+ resendDelay?: number | undefined;
1502
+ rateLimitMax?: number | undefined;
1503
+ rateLimitWindow?: number | undefined;
1504
+ maxAttemptsPerUser?: number | undefined;
1505
+ maxAttemptsPerIP?: number | undefined;
1506
+ attemptWindow?: number | undefined;
1507
+ } | undefined;
1508
+ phoneVerification?: {
1509
+ expiresIn?: number | undefined;
1510
+ maxAttempts?: number | undefined;
1511
+ resendDelay?: number | undefined;
1512
+ rateLimitMax?: number | undefined;
1513
+ rateLimitWindow?: number | undefined;
1514
+ maxAttemptsPerUser?: number | undefined;
1515
+ maxAttemptsPerIP?: number | undefined;
1516
+ attemptWindow?: number | undefined;
1517
+ codeLength?: number | undefined;
1518
+ } | undefined;
1519
+ }, {
1520
+ verificationMethod?: "email" | "none" | "phone" | "both" | undefined;
1521
+ enabled?: boolean | undefined;
1522
+ allowDuplicatePhones?: boolean | undefined;
1523
+ emailVerification?: {
1524
+ expiresIn?: number | undefined;
1525
+ resendDelay?: number | undefined;
1526
+ rateLimitMax?: number | undefined;
1527
+ rateLimitWindow?: number | undefined;
1528
+ maxAttemptsPerUser?: number | undefined;
1529
+ maxAttemptsPerIP?: number | undefined;
1530
+ attemptWindow?: number | undefined;
1531
+ } | undefined;
1532
+ phoneVerification?: {
1533
+ expiresIn?: number | undefined;
1534
+ maxAttempts?: number | undefined;
1535
+ resendDelay?: number | undefined;
1536
+ rateLimitMax?: number | undefined;
1537
+ rateLimitWindow?: number | undefined;
1538
+ maxAttemptsPerUser?: number | undefined;
1539
+ maxAttemptsPerIP?: number | undefined;
1540
+ attemptWindow?: number | undefined;
1541
+ codeLength?: number | undefined;
1542
+ } | undefined;
1543
+ }>>;
1544
+ login: z.ZodOptional<z.ZodObject<{
1545
+ identifierType: z.ZodOptional<z.ZodEnum<["email", "username", "phone", "email_or_username"]>>;
1546
+ }, "strip", z.ZodTypeAny, {
1547
+ identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
1548
+ }, {
1549
+ identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
1550
+ }>>;
1551
+ password: z.ZodOptional<z.ZodObject<{
1552
+ minLength: z.ZodOptional<z.ZodNumber>;
1553
+ maxLength: z.ZodOptional<z.ZodNumber>;
1554
+ requireUppercase: z.ZodOptional<z.ZodBoolean>;
1555
+ requireLowercase: z.ZodOptional<z.ZodBoolean>;
1556
+ requireNumbers: z.ZodOptional<z.ZodBoolean>;
1557
+ requireSpecialChars: z.ZodOptional<z.ZodBoolean>;
1558
+ specialChars: z.ZodOptional<z.ZodString>;
1559
+ preventCommon: z.ZodOptional<z.ZodBoolean>;
1560
+ preventUserInfo: z.ZodOptional<z.ZodBoolean>;
1561
+ historyCount: z.ZodOptional<z.ZodNumber>;
1562
+ expiryDays: z.ZodOptional<z.ZodNumber>;
1563
+ }, "strip", z.ZodTypeAny, {
1564
+ minLength?: number | undefined;
1565
+ maxLength?: number | undefined;
1566
+ requireUppercase?: boolean | undefined;
1567
+ requireLowercase?: boolean | undefined;
1568
+ requireNumbers?: boolean | undefined;
1569
+ requireSpecialChars?: boolean | undefined;
1570
+ specialChars?: string | undefined;
1571
+ preventCommon?: boolean | undefined;
1572
+ preventUserInfo?: boolean | undefined;
1573
+ historyCount?: number | undefined;
1574
+ expiryDays?: number | undefined;
1575
+ }, {
1576
+ minLength?: number | undefined;
1577
+ maxLength?: number | undefined;
1578
+ requireUppercase?: boolean | undefined;
1579
+ requireLowercase?: boolean | undefined;
1580
+ requireNumbers?: boolean | undefined;
1581
+ requireSpecialChars?: boolean | undefined;
1582
+ specialChars?: string | undefined;
1583
+ preventCommon?: boolean | undefined;
1584
+ preventUserInfo?: boolean | undefined;
1585
+ historyCount?: number | undefined;
1586
+ expiryDays?: number | undefined;
1587
+ }>>;
1588
+ lockout: z.ZodOptional<z.ZodObject<{
1589
+ enabled: z.ZodOptional<z.ZodBoolean>;
1590
+ maxAttempts: z.ZodOptional<z.ZodNumber>;
1591
+ duration: z.ZodOptional<z.ZodNumber>;
1592
+ resetOnSuccess: z.ZodOptional<z.ZodBoolean>;
1593
+ }, "strip", z.ZodTypeAny, {
1594
+ duration?: number | undefined;
1595
+ maxAttempts?: number | undefined;
1596
+ enabled?: boolean | undefined;
1597
+ resetOnSuccess?: boolean | undefined;
1598
+ }, {
1599
+ duration?: number | undefined;
1600
+ maxAttempts?: number | undefined;
1601
+ enabled?: boolean | undefined;
1602
+ resetOnSuccess?: boolean | undefined;
1603
+ }>>;
1604
+ session: z.ZodOptional<z.ZodObject<{
1605
+ maxConcurrent: z.ZodOptional<z.ZodNumber>;
1606
+ disallowMultipleSessions: z.ZodOptional<z.ZodBoolean>;
1607
+ maxLifetime: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
1608
+ }, "strip", z.ZodTypeAny, {
1609
+ maxConcurrent?: number | undefined;
1610
+ disallowMultipleSessions?: boolean | undefined;
1611
+ maxLifetime?: string | number | undefined;
1612
+ }, {
1613
+ maxConcurrent?: number | undefined;
1614
+ disallowMultipleSessions?: boolean | undefined;
1615
+ maxLifetime?: string | number | undefined;
1616
+ }>>;
1617
+ security: z.ZodOptional<z.ZodObject<{
1618
+ csrf: z.ZodOptional<z.ZodObject<{
1619
+ cookieName: z.ZodOptional<z.ZodString>;
1620
+ headerName: z.ZodOptional<z.ZodString>;
1621
+ tokenLength: z.ZodOptional<z.ZodNumber>;
1622
+ excludedPaths: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1623
+ cookieOptions: z.ZodOptional<z.ZodObject<{
1624
+ secure: z.ZodOptional<z.ZodBoolean>;
1625
+ sameSite: z.ZodOptional<z.ZodEnum<["strict", "lax", "none"]>>;
1626
+ domain: z.ZodOptional<z.ZodString>;
1627
+ path: z.ZodOptional<z.ZodString>;
1628
+ }, "strip", z.ZodTypeAny, {
1629
+ secure?: boolean | undefined;
1630
+ sameSite?: "none" | "strict" | "lax" | undefined;
1631
+ domain?: string | undefined;
1632
+ path?: string | undefined;
1633
+ }, {
1634
+ secure?: boolean | undefined;
1635
+ sameSite?: "none" | "strict" | "lax" | undefined;
1636
+ domain?: string | undefined;
1637
+ path?: string | undefined;
1638
+ }>>;
1639
+ }, "strip", z.ZodTypeAny, {
1640
+ cookieName?: string | undefined;
1641
+ headerName?: string | undefined;
1642
+ tokenLength?: number | undefined;
1643
+ excludedPaths?: string[] | undefined;
1644
+ cookieOptions?: {
1645
+ secure?: boolean | undefined;
1646
+ sameSite?: "none" | "strict" | "lax" | undefined;
1647
+ domain?: string | undefined;
1648
+ path?: string | undefined;
1649
+ } | undefined;
1650
+ }, {
1651
+ cookieName?: string | undefined;
1652
+ headerName?: string | undefined;
1653
+ tokenLength?: number | undefined;
1654
+ excludedPaths?: string[] | undefined;
1655
+ cookieOptions?: {
1656
+ secure?: boolean | undefined;
1657
+ sameSite?: "none" | "strict" | "lax" | undefined;
1658
+ domain?: string | undefined;
1659
+ path?: string | undefined;
1660
+ } | undefined;
1661
+ }>>;
1662
+ }, "strip", z.ZodTypeAny, {
1663
+ csrf?: {
1664
+ cookieName?: string | undefined;
1665
+ headerName?: string | undefined;
1666
+ tokenLength?: number | undefined;
1667
+ excludedPaths?: string[] | undefined;
1668
+ cookieOptions?: {
1669
+ secure?: boolean | undefined;
1670
+ sameSite?: "none" | "strict" | "lax" | undefined;
1671
+ domain?: string | undefined;
1672
+ path?: string | undefined;
1673
+ } | undefined;
1674
+ } | undefined;
1675
+ }, {
1676
+ csrf?: {
1677
+ cookieName?: string | undefined;
1678
+ headerName?: string | undefined;
1679
+ tokenLength?: number | undefined;
1680
+ excludedPaths?: string[] | undefined;
1681
+ cookieOptions?: {
1682
+ secure?: boolean | undefined;
1683
+ sameSite?: "none" | "strict" | "lax" | undefined;
1684
+ domain?: string | undefined;
1685
+ path?: string | undefined;
1686
+ } | undefined;
1687
+ } | undefined;
1688
+ }>>;
1689
+ hooks: z.ZodOptional<z.ZodObject<{
1690
+ beforeSignup: z.ZodOptional<z.ZodAny>;
1691
+ afterSignup: z.ZodOptional<z.ZodAny>;
1692
+ beforeLogin: z.ZodOptional<z.ZodAny>;
1693
+ afterLogin: z.ZodOptional<z.ZodAny>;
1694
+ afterLoginFailed: z.ZodOptional<z.ZodAny>;
1695
+ beforePasswordChange: z.ZodOptional<z.ZodAny>;
1696
+ afterPasswordChange: z.ZodOptional<z.ZodAny>;
1697
+ beforeAccountLock: z.ZodOptional<z.ZodAny>;
1698
+ afterAccountLock: z.ZodOptional<z.ZodAny>;
1699
+ onAdaptiveMFATriggered: z.ZodOptional<z.ZodAny>;
1700
+ onSignInBlocked: z.ZodOptional<z.ZodAny>;
1701
+ }, "strip", z.ZodTypeAny, {
1702
+ onAdaptiveMFATriggered?: any;
1703
+ onSignInBlocked?: any;
1704
+ afterSignup?: any;
1705
+ beforePasswordChange?: any;
1706
+ afterPasswordChange?: any;
1707
+ beforeSignup?: any;
1708
+ beforeLogin?: any;
1709
+ afterLogin?: any;
1710
+ afterLoginFailed?: any;
1711
+ beforeAccountLock?: any;
1712
+ afterAccountLock?: any;
1713
+ }, {
1714
+ onAdaptiveMFATriggered?: any;
1715
+ onSignInBlocked?: any;
1716
+ afterSignup?: any;
1717
+ beforePasswordChange?: any;
1718
+ afterPasswordChange?: any;
1719
+ beforeSignup?: any;
1720
+ beforeLogin?: any;
1721
+ afterLogin?: any;
1722
+ afterLoginFailed?: any;
1723
+ beforeAccountLock?: any;
1724
+ afterAccountLock?: any;
1725
+ }>>;
1726
+ auditLogs: z.ZodOptional<z.ZodObject<{
1727
+ enabled: z.ZodOptional<z.ZodBoolean>;
1728
+ fireAndForget: z.ZodOptional<z.ZodBoolean>;
1729
+ }, "strip", z.ZodTypeAny, {
1730
+ enabled?: boolean | undefined;
1731
+ fireAndForget?: boolean | undefined;
1732
+ }, {
1733
+ enabled?: boolean | undefined;
1734
+ fireAndForget?: boolean | undefined;
1735
+ }>>;
1736
+ emailProvider: z.ZodOptional<z.ZodAny>;
1737
+ email: z.ZodOptional<z.ZodObject<{
1738
+ appName: z.ZodOptional<z.ZodString>;
1739
+ companyName: z.ZodOptional<z.ZodString>;
1740
+ logoUrl: z.ZodOptional<z.ZodString>;
1741
+ supportEmail: z.ZodOptional<z.ZodString>;
1742
+ dashboardUrl: z.ZodOptional<z.ZodString>;
1743
+ brandColor: z.ZodOptional<z.ZodString>;
1744
+ footerDisclaimer: z.ZodOptional<z.ZodString>;
1745
+ templates: z.ZodOptional<z.ZodObject<{
1746
+ engine: z.ZodOptional<z.ZodAny>;
1747
+ globalVariables: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodNumber, z.ZodBoolean]>>>;
1748
+ customTemplates: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
1749
+ htmlPath: z.ZodOptional<z.ZodString>;
1750
+ html: z.ZodOptional<z.ZodString>;
1751
+ textPath: z.ZodOptional<z.ZodString>;
1752
+ text: z.ZodOptional<z.ZodString>;
1753
+ subject: z.ZodOptional<z.ZodString>;
1754
+ }, "strip", z.ZodTypeAny, {
1755
+ htmlPath?: string | undefined;
1756
+ html?: string | undefined;
1757
+ textPath?: string | undefined;
1758
+ text?: string | undefined;
1759
+ subject?: string | undefined;
1760
+ }, {
1761
+ htmlPath?: string | undefined;
1762
+ html?: string | undefined;
1763
+ textPath?: string | undefined;
1764
+ text?: string | undefined;
1765
+ subject?: string | undefined;
1766
+ }>, {
1767
+ htmlPath?: string | undefined;
1768
+ html?: string | undefined;
1769
+ textPath?: string | undefined;
1770
+ text?: string | undefined;
1771
+ subject?: string | undefined;
1772
+ }, {
1773
+ htmlPath?: string | undefined;
1774
+ html?: string | undefined;
1775
+ textPath?: string | undefined;
1776
+ text?: string | undefined;
1777
+ subject?: string | undefined;
1778
+ }>, {
1779
+ htmlPath?: string | undefined;
1780
+ html?: string | undefined;
1781
+ textPath?: string | undefined;
1782
+ text?: string | undefined;
1783
+ subject?: string | undefined;
1784
+ }, {
1785
+ htmlPath?: string | undefined;
1786
+ html?: string | undefined;
1787
+ textPath?: string | undefined;
1788
+ text?: string | undefined;
1789
+ subject?: string | undefined;
1790
+ }>, {
1791
+ htmlPath?: string | undefined;
1792
+ html?: string | undefined;
1793
+ textPath?: string | undefined;
1794
+ text?: string | undefined;
1795
+ subject?: string | undefined;
1796
+ }, {
1797
+ htmlPath?: string | undefined;
1798
+ html?: string | undefined;
1799
+ textPath?: string | undefined;
1800
+ text?: string | undefined;
1801
+ subject?: string | undefined;
1802
+ }>>>;
1803
+ }, "strip", z.ZodTypeAny, {
1804
+ engine?: any;
1805
+ globalVariables?: Record<string, string | number | boolean> | undefined;
1806
+ customTemplates?: Record<string, {
1807
+ htmlPath?: string | undefined;
1808
+ html?: string | undefined;
1809
+ textPath?: string | undefined;
1810
+ text?: string | undefined;
1811
+ subject?: string | undefined;
1812
+ }> | undefined;
1813
+ }, {
1814
+ engine?: any;
1815
+ globalVariables?: Record<string, string | number | boolean> | undefined;
1816
+ customTemplates?: Record<string, {
1817
+ htmlPath?: string | undefined;
1818
+ html?: string | undefined;
1819
+ textPath?: string | undefined;
1820
+ text?: string | undefined;
1821
+ subject?: string | undefined;
1822
+ }> | undefined;
1823
+ }>>;
1824
+ }, "strip", z.ZodTypeAny, {
1825
+ appName?: string | undefined;
1826
+ companyName?: string | undefined;
1827
+ brandColor?: string | undefined;
1828
+ logoUrl?: string | undefined;
1829
+ dashboardUrl?: string | undefined;
1830
+ supportEmail?: string | undefined;
1831
+ footerDisclaimer?: string | undefined;
1832
+ templates?: {
1833
+ engine?: any;
1834
+ globalVariables?: Record<string, string | number | boolean> | undefined;
1835
+ customTemplates?: Record<string, {
1836
+ htmlPath?: string | undefined;
1837
+ html?: string | undefined;
1838
+ textPath?: string | undefined;
1839
+ text?: string | undefined;
1840
+ subject?: string | undefined;
1841
+ }> | undefined;
1842
+ } | undefined;
1843
+ }, {
1844
+ appName?: string | undefined;
1845
+ companyName?: string | undefined;
1846
+ brandColor?: string | undefined;
1847
+ logoUrl?: string | undefined;
1848
+ dashboardUrl?: string | undefined;
1849
+ supportEmail?: string | undefined;
1850
+ footerDisclaimer?: string | undefined;
1851
+ templates?: {
1852
+ engine?: any;
1853
+ globalVariables?: Record<string, string | number | boolean> | undefined;
1854
+ customTemplates?: Record<string, {
1855
+ htmlPath?: string | undefined;
1856
+ html?: string | undefined;
1857
+ textPath?: string | undefined;
1858
+ text?: string | undefined;
1859
+ subject?: string | undefined;
1860
+ }> | undefined;
1861
+ } | undefined;
1862
+ }>>;
1863
+ smsProvider: z.ZodOptional<z.ZodAny>;
1864
+ phone: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>>;
1865
+ storageAdapter: z.ZodOptional<z.ZodAny>;
1866
+ social: z.ZodOptional<z.ZodObject<{
1867
+ google: z.ZodOptional<z.ZodObject<{
1868
+ enabled: z.ZodOptional<z.ZodBoolean>;
1869
+ clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
1870
+ clientSecret: z.ZodOptional<z.ZodString>;
1871
+ callbackUrl: z.ZodOptional<z.ZodString>;
1872
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1873
+ autoLink: z.ZodOptional<z.ZodBoolean>;
1874
+ allowSignup: z.ZodOptional<z.ZodBoolean>;
1875
+ }, "strip", z.ZodTypeAny, {
1876
+ enabled?: boolean | undefined;
1877
+ clientId?: string | string[] | undefined;
1878
+ clientSecret?: string | undefined;
1879
+ callbackUrl?: string | undefined;
1880
+ scopes?: string[] | undefined;
1881
+ autoLink?: boolean | undefined;
1882
+ allowSignup?: boolean | undefined;
1883
+ }, {
1884
+ enabled?: boolean | undefined;
1885
+ clientId?: string | string[] | undefined;
1886
+ clientSecret?: string | undefined;
1887
+ callbackUrl?: string | undefined;
1888
+ scopes?: string[] | undefined;
1889
+ autoLink?: boolean | undefined;
1890
+ allowSignup?: boolean | undefined;
1891
+ }>>;
1892
+ apple: z.ZodOptional<z.ZodObject<{
1893
+ enabled: z.ZodOptional<z.ZodBoolean>;
1894
+ clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
1895
+ clientSecret: z.ZodOptional<z.ZodString>;
1896
+ callbackUrl: z.ZodOptional<z.ZodString>;
1897
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1898
+ autoLink: z.ZodOptional<z.ZodBoolean>;
1899
+ allowSignup: z.ZodOptional<z.ZodBoolean>;
1900
+ }, "strip", z.ZodTypeAny, {
1901
+ enabled?: boolean | undefined;
1902
+ clientId?: string | string[] | undefined;
1903
+ clientSecret?: string | undefined;
1904
+ callbackUrl?: string | undefined;
1905
+ scopes?: string[] | undefined;
1906
+ autoLink?: boolean | undefined;
1907
+ allowSignup?: boolean | undefined;
1908
+ }, {
1909
+ enabled?: boolean | undefined;
1910
+ clientId?: string | string[] | undefined;
1911
+ clientSecret?: string | undefined;
1912
+ callbackUrl?: string | undefined;
1913
+ scopes?: string[] | undefined;
1914
+ autoLink?: boolean | undefined;
1915
+ allowSignup?: boolean | undefined;
1916
+ }>>;
1917
+ facebook: z.ZodOptional<z.ZodObject<{
1918
+ enabled: z.ZodOptional<z.ZodBoolean>;
1919
+ clientId: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
1920
+ clientSecret: z.ZodOptional<z.ZodString>;
1921
+ callbackUrl: z.ZodOptional<z.ZodString>;
1922
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1923
+ autoLink: z.ZodOptional<z.ZodBoolean>;
1924
+ allowSignup: z.ZodOptional<z.ZodBoolean>;
1925
+ }, "strip", z.ZodTypeAny, {
1926
+ enabled?: boolean | undefined;
1927
+ clientId?: string | string[] | undefined;
1928
+ clientSecret?: string | undefined;
1929
+ callbackUrl?: string | undefined;
1930
+ scopes?: string[] | undefined;
1931
+ autoLink?: boolean | undefined;
1932
+ allowSignup?: boolean | undefined;
1933
+ }, {
1934
+ enabled?: boolean | undefined;
1935
+ clientId?: string | string[] | undefined;
1936
+ clientSecret?: string | undefined;
1937
+ callbackUrl?: string | undefined;
1938
+ scopes?: string[] | undefined;
1939
+ autoLink?: boolean | undefined;
1940
+ allowSignup?: boolean | undefined;
1941
+ }>>;
1942
+ }, "strip", z.ZodTypeAny, {
1943
+ google?: {
1944
+ enabled?: boolean | undefined;
1945
+ clientId?: string | string[] | undefined;
1946
+ clientSecret?: string | undefined;
1947
+ callbackUrl?: string | undefined;
1948
+ scopes?: string[] | undefined;
1949
+ autoLink?: boolean | undefined;
1950
+ allowSignup?: boolean | undefined;
1951
+ } | undefined;
1952
+ apple?: {
1953
+ enabled?: boolean | undefined;
1954
+ clientId?: string | string[] | undefined;
1955
+ clientSecret?: string | undefined;
1956
+ callbackUrl?: string | undefined;
1957
+ scopes?: string[] | undefined;
1958
+ autoLink?: boolean | undefined;
1959
+ allowSignup?: boolean | undefined;
1960
+ } | undefined;
1961
+ facebook?: {
1962
+ enabled?: boolean | undefined;
1963
+ clientId?: string | string[] | undefined;
1964
+ clientSecret?: string | undefined;
1965
+ callbackUrl?: string | undefined;
1966
+ scopes?: string[] | undefined;
1967
+ autoLink?: boolean | undefined;
1968
+ allowSignup?: boolean | undefined;
1969
+ } | undefined;
1970
+ }, {
1971
+ google?: {
1972
+ enabled?: boolean | undefined;
1973
+ clientId?: string | string[] | undefined;
1974
+ clientSecret?: string | undefined;
1975
+ callbackUrl?: string | undefined;
1976
+ scopes?: string[] | undefined;
1977
+ autoLink?: boolean | undefined;
1978
+ allowSignup?: boolean | undefined;
1979
+ } | undefined;
1980
+ apple?: {
1981
+ enabled?: boolean | undefined;
1982
+ clientId?: string | string[] | undefined;
1983
+ clientSecret?: string | undefined;
1984
+ callbackUrl?: string | undefined;
1985
+ scopes?: string[] | undefined;
1986
+ autoLink?: boolean | undefined;
1987
+ allowSignup?: boolean | undefined;
1988
+ } | undefined;
1989
+ facebook?: {
1990
+ enabled?: boolean | undefined;
1991
+ clientId?: string | string[] | undefined;
1992
+ clientSecret?: string | undefined;
1993
+ callbackUrl?: string | undefined;
1994
+ scopes?: string[] | undefined;
1995
+ autoLink?: boolean | undefined;
1996
+ allowSignup?: boolean | undefined;
1997
+ } | undefined;
1998
+ }>>;
1999
+ mfa: z.ZodOptional<z.ZodObject<{
2000
+ enabled: z.ZodOptional<z.ZodBoolean>;
2001
+ enforcement: z.ZodOptional<z.ZodEnum<["OPTIONAL", "REQUIRED", "ADAPTIVE"]>>;
2002
+ gracePeriod: z.ZodOptional<z.ZodNumber>;
2003
+ allowedMethods: z.ZodOptional<z.ZodArray<z.ZodEnum<["totp", "sms", "email", "passkey"]>, "many">>;
2004
+ requireForSocialLogin: z.ZodOptional<z.ZodBoolean>;
2005
+ rememberDevices: z.ZodOptional<z.ZodEnum<["always", "user_opt_in", "never"]>>;
2006
+ rememberDeviceDays: z.ZodOptional<z.ZodNumber>;
2007
+ bypassMFAForTrustedDevices: z.ZodOptional<z.ZodBoolean>;
2008
+ issuer: z.ZodOptional<z.ZodString>;
2009
+ totp: z.ZodOptional<z.ZodObject<{
2010
+ window: z.ZodOptional<z.ZodNumber>;
2011
+ stepSeconds: z.ZodOptional<z.ZodNumber>;
2012
+ digits: z.ZodOptional<z.ZodNumber>;
2013
+ algorithm: z.ZodOptional<z.ZodEnum<["sha1", "sha256", "sha512"]>>;
2014
+ }, "strip", z.ZodTypeAny, {
2015
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
2016
+ window?: number | undefined;
2017
+ stepSeconds?: number | undefined;
2018
+ digits?: number | undefined;
2019
+ }, {
2020
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
2021
+ window?: number | undefined;
2022
+ stepSeconds?: number | undefined;
2023
+ digits?: number | undefined;
2024
+ }>>;
2025
+ passkey: z.ZodOptional<z.ZodObject<{
2026
+ rpName: z.ZodString;
2027
+ rpId: z.ZodString;
2028
+ origin: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
2029
+ timeout: z.ZodOptional<z.ZodNumber>;
2030
+ userVerification: z.ZodOptional<z.ZodEnum<["required", "preferred", "discouraged"]>>;
2031
+ authenticatorAttachment: z.ZodOptional<z.ZodEnum<["platform", "cross-platform"]>>;
2032
+ }, "strip", z.ZodTypeAny, {
2033
+ rpName: string;
2034
+ rpId: string;
2035
+ origin?: string | string[] | undefined;
2036
+ timeout?: number | undefined;
2037
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
2038
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
2039
+ }, {
2040
+ rpName: string;
2041
+ rpId: string;
2042
+ origin?: string | string[] | undefined;
2043
+ timeout?: number | undefined;
2044
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
2045
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
2046
+ }>>;
2047
+ backup: z.ZodOptional<z.ZodObject<{
2048
+ enabled: z.ZodOptional<z.ZodBoolean>;
2049
+ codeCount: z.ZodOptional<z.ZodNumber>;
2050
+ codeLength: z.ZodOptional<z.ZodNumber>;
2051
+ }, "strip", z.ZodTypeAny, {
2052
+ enabled?: boolean | undefined;
2053
+ codeLength?: number | undefined;
2054
+ codeCount?: number | undefined;
2055
+ }, {
2056
+ enabled?: boolean | undefined;
2057
+ codeLength?: number | undefined;
2058
+ codeCount?: number | undefined;
2059
+ }>>;
2060
+ adaptive: z.ZodOptional<z.ZodObject<{
2061
+ triggers: z.ZodOptional<z.ZodArray<z.ZodEnum<["new_device", "new_ip", "new_country", "impossible_travel", "suspicious_activity"]>, "many">>;
2062
+ riskThreshold: z.ZodOptional<z.ZodNumber>;
2063
+ riskWeights: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodNumber>>;
2064
+ riskLevels: z.ZodOptional<z.ZodObject<{
2065
+ low: z.ZodOptional<z.ZodObject<{
2066
+ maxScore: z.ZodNumber;
2067
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
2068
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
2069
+ }, "strip", z.ZodTypeAny, {
2070
+ maxScore: number;
2071
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2072
+ notifyUser?: boolean | undefined;
2073
+ }, {
2074
+ maxScore: number;
2075
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2076
+ notifyUser?: boolean | undefined;
2077
+ }>>;
2078
+ medium: z.ZodOptional<z.ZodObject<{
2079
+ maxScore: z.ZodNumber;
2080
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
2081
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
2082
+ }, "strip", z.ZodTypeAny, {
2083
+ maxScore: number;
2084
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2085
+ notifyUser?: boolean | undefined;
2086
+ }, {
2087
+ maxScore: number;
2088
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2089
+ notifyUser?: boolean | undefined;
2090
+ }>>;
2091
+ high: z.ZodOptional<z.ZodObject<{
2092
+ maxScore: z.ZodNumber;
2093
+ action: z.ZodOptional<z.ZodEnum<["allow", "require_mfa", "block_signin"]>>;
2094
+ notifyUser: z.ZodOptional<z.ZodBoolean>;
2095
+ }, "strip", z.ZodTypeAny, {
2096
+ maxScore: number;
2097
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2098
+ notifyUser?: boolean | undefined;
2099
+ }, {
2100
+ maxScore: number;
2101
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2102
+ notifyUser?: boolean | undefined;
2103
+ }>>;
2104
+ }, "strip", z.ZodTypeAny, {
2105
+ low?: {
2106
+ maxScore: number;
2107
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2108
+ notifyUser?: boolean | undefined;
2109
+ } | undefined;
2110
+ medium?: {
2111
+ maxScore: number;
2112
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2113
+ notifyUser?: boolean | undefined;
2114
+ } | undefined;
2115
+ high?: {
2116
+ maxScore: number;
2117
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2118
+ notifyUser?: boolean | undefined;
2119
+ } | undefined;
2120
+ }, {
2121
+ low?: {
2122
+ maxScore: number;
2123
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2124
+ notifyUser?: boolean | undefined;
2125
+ } | undefined;
2126
+ medium?: {
2127
+ maxScore: number;
2128
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2129
+ notifyUser?: boolean | undefined;
2130
+ } | undefined;
2131
+ high?: {
2132
+ maxScore: number;
2133
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2134
+ notifyUser?: boolean | undefined;
2135
+ } | undefined;
2136
+ }>>;
2137
+ blockedSignIn: z.ZodOptional<z.ZodObject<{
2138
+ blockDuration: z.ZodOptional<z.ZodNumber>;
2139
+ message: z.ZodOptional<z.ZodString>;
2140
+ errorCode: z.ZodOptional<z.ZodString>;
2141
+ }, "strip", z.ZodTypeAny, {
2142
+ message?: string | undefined;
2143
+ blockDuration?: number | undefined;
2144
+ errorCode?: string | undefined;
2145
+ }, {
2146
+ message?: string | undefined;
2147
+ blockDuration?: number | undefined;
2148
+ errorCode?: string | undefined;
2149
+ }>>;
2150
+ maxTravelSpeed: z.ZodOptional<z.ZodNumber>;
2151
+ countryChangeThreshold: z.ZodOptional<z.ZodNumber>;
2152
+ suspiciousActivityWindow: z.ZodOptional<z.ZodNumber>;
2153
+ }, "strip", z.ZodTypeAny, {
2154
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
2155
+ riskThreshold?: number | undefined;
2156
+ riskWeights?: Record<string, number> | undefined;
2157
+ riskLevels?: {
2158
+ low?: {
2159
+ maxScore: number;
2160
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2161
+ notifyUser?: boolean | undefined;
2162
+ } | undefined;
2163
+ medium?: {
2164
+ maxScore: number;
2165
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2166
+ notifyUser?: boolean | undefined;
2167
+ } | undefined;
2168
+ high?: {
2169
+ maxScore: number;
2170
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2171
+ notifyUser?: boolean | undefined;
2172
+ } | undefined;
2173
+ } | undefined;
2174
+ blockedSignIn?: {
2175
+ message?: string | undefined;
2176
+ blockDuration?: number | undefined;
2177
+ errorCode?: string | undefined;
2178
+ } | undefined;
2179
+ maxTravelSpeed?: number | undefined;
2180
+ countryChangeThreshold?: number | undefined;
2181
+ suspiciousActivityWindow?: number | undefined;
2182
+ }, {
2183
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
2184
+ riskThreshold?: number | undefined;
2185
+ riskWeights?: Record<string, number> | undefined;
2186
+ riskLevels?: {
2187
+ low?: {
2188
+ maxScore: number;
2189
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2190
+ notifyUser?: boolean | undefined;
2191
+ } | undefined;
2192
+ medium?: {
2193
+ maxScore: number;
2194
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2195
+ notifyUser?: boolean | undefined;
2196
+ } | undefined;
2197
+ high?: {
2198
+ maxScore: number;
2199
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2200
+ notifyUser?: boolean | undefined;
2201
+ } | undefined;
2202
+ } | undefined;
2203
+ blockedSignIn?: {
2204
+ message?: string | undefined;
2205
+ blockDuration?: number | undefined;
2206
+ errorCode?: string | undefined;
2207
+ } | undefined;
2208
+ maxTravelSpeed?: number | undefined;
2209
+ countryChangeThreshold?: number | undefined;
2210
+ suspiciousActivityWindow?: number | undefined;
2211
+ }>>;
2212
+ }, "strip", z.ZodTypeAny, {
2213
+ totp?: {
2214
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
2215
+ window?: number | undefined;
2216
+ stepSeconds?: number | undefined;
2217
+ digits?: number | undefined;
2218
+ } | undefined;
2219
+ passkey?: {
2220
+ rpName: string;
2221
+ rpId: string;
2222
+ origin?: string | string[] | undefined;
2223
+ timeout?: number | undefined;
2224
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
2225
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
2226
+ } | undefined;
2227
+ backup?: {
2228
+ enabled?: boolean | undefined;
2229
+ codeLength?: number | undefined;
2230
+ codeCount?: number | undefined;
2231
+ } | undefined;
2232
+ rememberDevices?: "always" | "user_opt_in" | "never" | undefined;
2233
+ enabled?: boolean | undefined;
2234
+ requireForSocialLogin?: boolean | undefined;
2235
+ allowedMethods?: ("totp" | "sms" | "email" | "passkey")[] | undefined;
2236
+ bypassMFAForTrustedDevices?: boolean | undefined;
2237
+ rememberDeviceDays?: number | undefined;
2238
+ issuer?: string | undefined;
2239
+ enforcement?: "OPTIONAL" | "REQUIRED" | "ADAPTIVE" | undefined;
2240
+ gracePeriod?: number | undefined;
2241
+ adaptive?: {
2242
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
2243
+ riskThreshold?: number | undefined;
2244
+ riskWeights?: Record<string, number> | undefined;
2245
+ riskLevels?: {
2246
+ low?: {
2247
+ maxScore: number;
2248
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2249
+ notifyUser?: boolean | undefined;
2250
+ } | undefined;
2251
+ medium?: {
2252
+ maxScore: number;
2253
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2254
+ notifyUser?: boolean | undefined;
2255
+ } | undefined;
2256
+ high?: {
2257
+ maxScore: number;
2258
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2259
+ notifyUser?: boolean | undefined;
2260
+ } | undefined;
2261
+ } | undefined;
2262
+ blockedSignIn?: {
2263
+ message?: string | undefined;
2264
+ blockDuration?: number | undefined;
2265
+ errorCode?: string | undefined;
2266
+ } | undefined;
2267
+ maxTravelSpeed?: number | undefined;
2268
+ countryChangeThreshold?: number | undefined;
2269
+ suspiciousActivityWindow?: number | undefined;
2270
+ } | undefined;
2271
+ }, {
2272
+ totp?: {
2273
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
2274
+ window?: number | undefined;
2275
+ stepSeconds?: number | undefined;
2276
+ digits?: number | undefined;
2277
+ } | undefined;
2278
+ passkey?: {
2279
+ rpName: string;
2280
+ rpId: string;
2281
+ origin?: string | string[] | undefined;
2282
+ timeout?: number | undefined;
2283
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
2284
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
2285
+ } | undefined;
2286
+ backup?: {
2287
+ enabled?: boolean | undefined;
2288
+ codeLength?: number | undefined;
2289
+ codeCount?: number | undefined;
2290
+ } | undefined;
2291
+ rememberDevices?: "always" | "user_opt_in" | "never" | undefined;
2292
+ enabled?: boolean | undefined;
2293
+ requireForSocialLogin?: boolean | undefined;
2294
+ allowedMethods?: ("totp" | "sms" | "email" | "passkey")[] | undefined;
2295
+ bypassMFAForTrustedDevices?: boolean | undefined;
2296
+ rememberDeviceDays?: number | undefined;
2297
+ issuer?: string | undefined;
2298
+ enforcement?: "OPTIONAL" | "REQUIRED" | "ADAPTIVE" | undefined;
2299
+ gracePeriod?: number | undefined;
2300
+ adaptive?: {
2301
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
2302
+ riskThreshold?: number | undefined;
2303
+ riskWeights?: Record<string, number> | undefined;
2304
+ riskLevels?: {
2305
+ low?: {
2306
+ maxScore: number;
2307
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2308
+ notifyUser?: boolean | undefined;
2309
+ } | undefined;
2310
+ medium?: {
2311
+ maxScore: number;
2312
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2313
+ notifyUser?: boolean | undefined;
2314
+ } | undefined;
2315
+ high?: {
2316
+ maxScore: number;
2317
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2318
+ notifyUser?: boolean | undefined;
2319
+ } | undefined;
2320
+ } | undefined;
2321
+ blockedSignIn?: {
2322
+ message?: string | undefined;
2323
+ blockDuration?: number | undefined;
2324
+ errorCode?: string | undefined;
2325
+ } | undefined;
2326
+ maxTravelSpeed?: number | undefined;
2327
+ countryChangeThreshold?: number | undefined;
2328
+ suspiciousActivityWindow?: number | undefined;
2329
+ } | undefined;
2330
+ }>>;
2331
+ logger: z.ZodOptional<z.ZodAny>;
2332
+ tokenDelivery: z.ZodOptional<z.ZodObject<{
2333
+ method: z.ZodOptional<z.ZodEnum<["json", "cookies", "hybrid"]>>;
2334
+ cookieNamePrefix: z.ZodOptional<z.ZodString>;
2335
+ cookieOptions: z.ZodOptional<z.ZodObject<{
2336
+ secure: z.ZodOptional<z.ZodBoolean>;
2337
+ sameSite: z.ZodOptional<z.ZodEnum<["strict", "lax", "none"]>>;
2338
+ path: z.ZodOptional<z.ZodString>;
2339
+ domain: z.ZodOptional<z.ZodString>;
2340
+ }, "strip", z.ZodTypeAny, {
2341
+ secure?: boolean | undefined;
2342
+ sameSite?: "none" | "strict" | "lax" | undefined;
2343
+ domain?: string | undefined;
2344
+ path?: string | undefined;
2345
+ }, {
2346
+ secure?: boolean | undefined;
2347
+ sameSite?: "none" | "strict" | "lax" | undefined;
2348
+ domain?: string | undefined;
2349
+ path?: string | undefined;
2350
+ }>>;
2351
+ hybridPolicy: z.ZodOptional<z.ZodObject<{
2352
+ webOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2353
+ nativeOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2354
+ }, "strip", z.ZodTypeAny, {
2355
+ webOrigins?: string[] | undefined;
2356
+ nativeOrigins?: string[] | undefined;
2357
+ }, {
2358
+ webOrigins?: string[] | undefined;
2359
+ nativeOrigins?: string[] | undefined;
2360
+ }>>;
2361
+ }, "strip", z.ZodTypeAny, {
2362
+ method?: "json" | "cookies" | "hybrid" | undefined;
2363
+ cookieOptions?: {
2364
+ secure?: boolean | undefined;
2365
+ sameSite?: "none" | "strict" | "lax" | undefined;
2366
+ domain?: string | undefined;
2367
+ path?: string | undefined;
2368
+ } | undefined;
2369
+ cookieNamePrefix?: string | undefined;
2370
+ hybridPolicy?: {
2371
+ webOrigins?: string[] | undefined;
2372
+ nativeOrigins?: string[] | undefined;
2373
+ } | undefined;
2374
+ }, {
2375
+ method?: "json" | "cookies" | "hybrid" | undefined;
2376
+ cookieOptions?: {
2377
+ secure?: boolean | undefined;
2378
+ sameSite?: "none" | "strict" | "lax" | undefined;
2379
+ domain?: string | undefined;
2380
+ path?: string | undefined;
2381
+ } | undefined;
2382
+ cookieNamePrefix?: string | undefined;
2383
+ hybridPolicy?: {
2384
+ webOrigins?: string[] | undefined;
2385
+ nativeOrigins?: string[] | undefined;
2386
+ } | undefined;
2387
+ }>>;
2388
+ challenge: z.ZodOptional<z.ZodObject<{
2389
+ maxAttempts: z.ZodOptional<z.ZodNumber>;
2390
+ }, "strip", z.ZodTypeAny, {
2391
+ maxAttempts?: number | undefined;
2392
+ }, {
2393
+ maxAttempts?: number | undefined;
2394
+ }>>;
2395
+ geoLocation: z.ZodOptional<z.ZodObject<{
2396
+ maxMind: z.ZodOptional<z.ZodObject<{
2397
+ dbPath: z.ZodOptional<z.ZodString>;
2398
+ skipDownloads: z.ZodOptional<z.ZodBoolean>;
2399
+ licenseKey: z.ZodOptional<z.ZodString>;
2400
+ accountId: z.ZodOptional<z.ZodNumber>;
2401
+ autoDownloadOnStartup: z.ZodOptional<z.ZodBoolean>;
2402
+ editions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2403
+ }, "strip", z.ZodTypeAny, {
2404
+ dbPath?: string | undefined;
2405
+ skipDownloads?: boolean | undefined;
2406
+ licenseKey?: string | undefined;
2407
+ accountId?: number | undefined;
2408
+ autoDownloadOnStartup?: boolean | undefined;
2409
+ editions?: string[] | undefined;
2410
+ }, {
2411
+ dbPath?: string | undefined;
2412
+ skipDownloads?: boolean | undefined;
2413
+ licenseKey?: string | undefined;
2414
+ accountId?: number | undefined;
2415
+ autoDownloadOnStartup?: boolean | undefined;
2416
+ editions?: string[] | undefined;
2417
+ }>>;
2418
+ }, "strip", z.ZodTypeAny, {
2419
+ maxMind?: {
2420
+ dbPath?: string | undefined;
2421
+ skipDownloads?: boolean | undefined;
2422
+ licenseKey?: string | undefined;
2423
+ accountId?: number | undefined;
2424
+ autoDownloadOnStartup?: boolean | undefined;
2425
+ editions?: string[] | undefined;
2426
+ } | undefined;
2427
+ }, {
2428
+ maxMind?: {
2429
+ dbPath?: string | undefined;
2430
+ skipDownloads?: boolean | undefined;
2431
+ licenseKey?: string | undefined;
2432
+ accountId?: number | undefined;
2433
+ autoDownloadOnStartup?: boolean | undefined;
2434
+ editions?: string[] | undefined;
2435
+ } | undefined;
2436
+ }>>;
2437
+ }, "strip", z.ZodTypeAny, {
2438
+ jwt: {
2439
+ accessToken: {
2440
+ expiresIn: string | number;
2441
+ secret?: string | undefined;
2442
+ publicKey?: string | undefined;
2443
+ privateKey?: string | undefined;
2444
+ };
2445
+ refreshToken: {
2446
+ expiresIn: string | number;
2447
+ secret: string;
2448
+ rotation?: boolean | undefined;
2449
+ reuseDetection?: boolean | undefined;
2450
+ };
2451
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
2452
+ issuer?: string | undefined;
2453
+ audience?: string | string[] | undefined;
2454
+ };
2455
+ email?: {
2456
+ appName?: string | undefined;
2457
+ companyName?: string | undefined;
2458
+ brandColor?: string | undefined;
2459
+ logoUrl?: string | undefined;
2460
+ dashboardUrl?: string | undefined;
2461
+ supportEmail?: string | undefined;
2462
+ footerDisclaimer?: string | undefined;
2463
+ templates?: {
2464
+ engine?: any;
2465
+ globalVariables?: Record<string, string | number | boolean> | undefined;
2466
+ customTemplates?: Record<string, {
2467
+ htmlPath?: string | undefined;
2468
+ html?: string | undefined;
2469
+ textPath?: string | undefined;
2470
+ text?: string | undefined;
2471
+ subject?: string | undefined;
2472
+ }> | undefined;
2473
+ } | undefined;
2474
+ } | undefined;
2475
+ phone?: {} | undefined;
2476
+ password?: {
2477
+ minLength?: number | undefined;
2478
+ maxLength?: number | undefined;
2479
+ requireUppercase?: boolean | undefined;
2480
+ requireLowercase?: boolean | undefined;
2481
+ requireNumbers?: boolean | undefined;
2482
+ requireSpecialChars?: boolean | undefined;
2483
+ specialChars?: string | undefined;
2484
+ preventCommon?: boolean | undefined;
2485
+ preventUserInfo?: boolean | undefined;
2486
+ historyCount?: number | undefined;
2487
+ expiryDays?: number | undefined;
2488
+ } | undefined;
2489
+ session?: {
2490
+ maxConcurrent?: number | undefined;
2491
+ disallowMultipleSessions?: boolean | undefined;
2492
+ maxLifetime?: string | number | undefined;
2493
+ } | undefined;
2494
+ social?: {
2495
+ google?: {
2496
+ enabled?: boolean | undefined;
2497
+ clientId?: string | string[] | undefined;
2498
+ clientSecret?: string | undefined;
2499
+ callbackUrl?: string | undefined;
2500
+ scopes?: string[] | undefined;
2501
+ autoLink?: boolean | undefined;
2502
+ allowSignup?: boolean | undefined;
2503
+ } | undefined;
2504
+ apple?: {
2505
+ enabled?: boolean | undefined;
2506
+ clientId?: string | string[] | undefined;
2507
+ clientSecret?: string | undefined;
2508
+ callbackUrl?: string | undefined;
2509
+ scopes?: string[] | undefined;
2510
+ autoLink?: boolean | undefined;
2511
+ allowSignup?: boolean | undefined;
2512
+ } | undefined;
2513
+ facebook?: {
2514
+ enabled?: boolean | undefined;
2515
+ clientId?: string | string[] | undefined;
2516
+ clientSecret?: string | undefined;
2517
+ callbackUrl?: string | undefined;
2518
+ scopes?: string[] | undefined;
2519
+ autoLink?: boolean | undefined;
2520
+ allowSignup?: boolean | undefined;
2521
+ } | undefined;
2522
+ } | undefined;
2523
+ mfa?: {
2524
+ totp?: {
2525
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
2526
+ window?: number | undefined;
2527
+ stepSeconds?: number | undefined;
2528
+ digits?: number | undefined;
2529
+ } | undefined;
2530
+ passkey?: {
2531
+ rpName: string;
2532
+ rpId: string;
2533
+ origin?: string | string[] | undefined;
2534
+ timeout?: number | undefined;
2535
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
2536
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
2537
+ } | undefined;
2538
+ backup?: {
2539
+ enabled?: boolean | undefined;
2540
+ codeLength?: number | undefined;
2541
+ codeCount?: number | undefined;
2542
+ } | undefined;
2543
+ rememberDevices?: "always" | "user_opt_in" | "never" | undefined;
2544
+ enabled?: boolean | undefined;
2545
+ requireForSocialLogin?: boolean | undefined;
2546
+ allowedMethods?: ("totp" | "sms" | "email" | "passkey")[] | undefined;
2547
+ bypassMFAForTrustedDevices?: boolean | undefined;
2548
+ rememberDeviceDays?: number | undefined;
2549
+ issuer?: string | undefined;
2550
+ enforcement?: "OPTIONAL" | "REQUIRED" | "ADAPTIVE" | undefined;
2551
+ gracePeriod?: number | undefined;
2552
+ adaptive?: {
2553
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
2554
+ riskThreshold?: number | undefined;
2555
+ riskWeights?: Record<string, number> | undefined;
2556
+ riskLevels?: {
2557
+ low?: {
2558
+ maxScore: number;
2559
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2560
+ notifyUser?: boolean | undefined;
2561
+ } | undefined;
2562
+ medium?: {
2563
+ maxScore: number;
2564
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2565
+ notifyUser?: boolean | undefined;
2566
+ } | undefined;
2567
+ high?: {
2568
+ maxScore: number;
2569
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2570
+ notifyUser?: boolean | undefined;
2571
+ } | undefined;
2572
+ } | undefined;
2573
+ blockedSignIn?: {
2574
+ message?: string | undefined;
2575
+ blockDuration?: number | undefined;
2576
+ errorCode?: string | undefined;
2577
+ } | undefined;
2578
+ maxTravelSpeed?: number | undefined;
2579
+ countryChangeThreshold?: number | undefined;
2580
+ suspiciousActivityWindow?: number | undefined;
2581
+ } | undefined;
2582
+ } | undefined;
2583
+ tablePrefix?: string | undefined;
2584
+ signup?: {
2585
+ verificationMethod?: "email" | "none" | "phone" | "both" | undefined;
2586
+ enabled?: boolean | undefined;
2587
+ allowDuplicatePhones?: boolean | undefined;
2588
+ emailVerification?: {
2589
+ expiresIn?: number | undefined;
2590
+ resendDelay?: number | undefined;
2591
+ rateLimitMax?: number | undefined;
2592
+ rateLimitWindow?: number | undefined;
2593
+ maxAttemptsPerUser?: number | undefined;
2594
+ maxAttemptsPerIP?: number | undefined;
2595
+ attemptWindow?: number | undefined;
2596
+ } | undefined;
2597
+ phoneVerification?: {
2598
+ expiresIn?: number | undefined;
2599
+ maxAttempts?: number | undefined;
2600
+ resendDelay?: number | undefined;
2601
+ rateLimitMax?: number | undefined;
2602
+ rateLimitWindow?: number | undefined;
2603
+ maxAttemptsPerUser?: number | undefined;
2604
+ maxAttemptsPerIP?: number | undefined;
2605
+ attemptWindow?: number | undefined;
2606
+ codeLength?: number | undefined;
2607
+ } | undefined;
2608
+ } | undefined;
2609
+ login?: {
2610
+ identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
2611
+ } | undefined;
2612
+ lockout?: {
2613
+ duration?: number | undefined;
2614
+ maxAttempts?: number | undefined;
2615
+ enabled?: boolean | undefined;
2616
+ resetOnSuccess?: boolean | undefined;
2617
+ } | undefined;
2618
+ security?: {
2619
+ csrf?: {
2620
+ cookieName?: string | undefined;
2621
+ headerName?: string | undefined;
2622
+ tokenLength?: number | undefined;
2623
+ excludedPaths?: string[] | undefined;
2624
+ cookieOptions?: {
2625
+ secure?: boolean | undefined;
2626
+ sameSite?: "none" | "strict" | "lax" | undefined;
2627
+ domain?: string | undefined;
2628
+ path?: string | undefined;
2629
+ } | undefined;
2630
+ } | undefined;
2631
+ } | undefined;
2632
+ hooks?: {
2633
+ onAdaptiveMFATriggered?: any;
2634
+ onSignInBlocked?: any;
2635
+ afterSignup?: any;
2636
+ beforePasswordChange?: any;
2637
+ afterPasswordChange?: any;
2638
+ beforeSignup?: any;
2639
+ beforeLogin?: any;
2640
+ afterLogin?: any;
2641
+ afterLoginFailed?: any;
2642
+ beforeAccountLock?: any;
2643
+ afterAccountLock?: any;
2644
+ } | undefined;
2645
+ auditLogs?: {
2646
+ enabled?: boolean | undefined;
2647
+ fireAndForget?: boolean | undefined;
2648
+ } | undefined;
2649
+ emailProvider?: any;
2650
+ smsProvider?: any;
2651
+ storageAdapter?: any;
2652
+ logger?: any;
2653
+ tokenDelivery?: {
2654
+ method?: "json" | "cookies" | "hybrid" | undefined;
2655
+ cookieOptions?: {
2656
+ secure?: boolean | undefined;
2657
+ sameSite?: "none" | "strict" | "lax" | undefined;
2658
+ domain?: string | undefined;
2659
+ path?: string | undefined;
2660
+ } | undefined;
2661
+ cookieNamePrefix?: string | undefined;
2662
+ hybridPolicy?: {
2663
+ webOrigins?: string[] | undefined;
2664
+ nativeOrigins?: string[] | undefined;
2665
+ } | undefined;
2666
+ } | undefined;
2667
+ challenge?: {
2668
+ maxAttempts?: number | undefined;
2669
+ } | undefined;
2670
+ geoLocation?: {
2671
+ maxMind?: {
2672
+ dbPath?: string | undefined;
2673
+ skipDownloads?: boolean | undefined;
2674
+ licenseKey?: string | undefined;
2675
+ accountId?: number | undefined;
2676
+ autoDownloadOnStartup?: boolean | undefined;
2677
+ editions?: string[] | undefined;
2678
+ } | undefined;
2679
+ } | undefined;
2680
+ }, {
2681
+ jwt: {
2682
+ accessToken: {
2683
+ expiresIn: string | number;
2684
+ secret?: string | undefined;
2685
+ publicKey?: string | undefined;
2686
+ privateKey?: string | undefined;
2687
+ };
2688
+ refreshToken: {
2689
+ expiresIn: string | number;
2690
+ secret: string;
2691
+ rotation?: boolean | undefined;
2692
+ reuseDetection?: boolean | undefined;
2693
+ };
2694
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
2695
+ issuer?: string | undefined;
2696
+ audience?: string | string[] | undefined;
2697
+ };
2698
+ email?: {
2699
+ appName?: string | undefined;
2700
+ companyName?: string | undefined;
2701
+ brandColor?: string | undefined;
2702
+ logoUrl?: string | undefined;
2703
+ dashboardUrl?: string | undefined;
2704
+ supportEmail?: string | undefined;
2705
+ footerDisclaimer?: string | undefined;
2706
+ templates?: {
2707
+ engine?: any;
2708
+ globalVariables?: Record<string, string | number | boolean> | undefined;
2709
+ customTemplates?: Record<string, {
2710
+ htmlPath?: string | undefined;
2711
+ html?: string | undefined;
2712
+ textPath?: string | undefined;
2713
+ text?: string | undefined;
2714
+ subject?: string | undefined;
2715
+ }> | undefined;
2716
+ } | undefined;
2717
+ } | undefined;
2718
+ phone?: {} | undefined;
2719
+ password?: {
2720
+ minLength?: number | undefined;
2721
+ maxLength?: number | undefined;
2722
+ requireUppercase?: boolean | undefined;
2723
+ requireLowercase?: boolean | undefined;
2724
+ requireNumbers?: boolean | undefined;
2725
+ requireSpecialChars?: boolean | undefined;
2726
+ specialChars?: string | undefined;
2727
+ preventCommon?: boolean | undefined;
2728
+ preventUserInfo?: boolean | undefined;
2729
+ historyCount?: number | undefined;
2730
+ expiryDays?: number | undefined;
2731
+ } | undefined;
2732
+ session?: {
2733
+ maxConcurrent?: number | undefined;
2734
+ disallowMultipleSessions?: boolean | undefined;
2735
+ maxLifetime?: string | number | undefined;
2736
+ } | undefined;
2737
+ social?: {
2738
+ google?: {
2739
+ enabled?: boolean | undefined;
2740
+ clientId?: string | string[] | undefined;
2741
+ clientSecret?: string | undefined;
2742
+ callbackUrl?: string | undefined;
2743
+ scopes?: string[] | undefined;
2744
+ autoLink?: boolean | undefined;
2745
+ allowSignup?: boolean | undefined;
2746
+ } | undefined;
2747
+ apple?: {
2748
+ enabled?: boolean | undefined;
2749
+ clientId?: string | string[] | undefined;
2750
+ clientSecret?: string | undefined;
2751
+ callbackUrl?: string | undefined;
2752
+ scopes?: string[] | undefined;
2753
+ autoLink?: boolean | undefined;
2754
+ allowSignup?: boolean | undefined;
2755
+ } | undefined;
2756
+ facebook?: {
2757
+ enabled?: boolean | undefined;
2758
+ clientId?: string | string[] | undefined;
2759
+ clientSecret?: string | undefined;
2760
+ callbackUrl?: string | undefined;
2761
+ scopes?: string[] | undefined;
2762
+ autoLink?: boolean | undefined;
2763
+ allowSignup?: boolean | undefined;
2764
+ } | undefined;
2765
+ } | undefined;
2766
+ mfa?: {
2767
+ totp?: {
2768
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
2769
+ window?: number | undefined;
2770
+ stepSeconds?: number | undefined;
2771
+ digits?: number | undefined;
2772
+ } | undefined;
2773
+ passkey?: {
2774
+ rpName: string;
2775
+ rpId: string;
2776
+ origin?: string | string[] | undefined;
2777
+ timeout?: number | undefined;
2778
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
2779
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
2780
+ } | undefined;
2781
+ backup?: {
2782
+ enabled?: boolean | undefined;
2783
+ codeLength?: number | undefined;
2784
+ codeCount?: number | undefined;
2785
+ } | undefined;
2786
+ rememberDevices?: "always" | "user_opt_in" | "never" | undefined;
2787
+ enabled?: boolean | undefined;
2788
+ requireForSocialLogin?: boolean | undefined;
2789
+ allowedMethods?: ("totp" | "sms" | "email" | "passkey")[] | undefined;
2790
+ bypassMFAForTrustedDevices?: boolean | undefined;
2791
+ rememberDeviceDays?: number | undefined;
2792
+ issuer?: string | undefined;
2793
+ enforcement?: "OPTIONAL" | "REQUIRED" | "ADAPTIVE" | undefined;
2794
+ gracePeriod?: number | undefined;
2795
+ adaptive?: {
2796
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
2797
+ riskThreshold?: number | undefined;
2798
+ riskWeights?: Record<string, number> | undefined;
2799
+ riskLevels?: {
2800
+ low?: {
2801
+ maxScore: number;
2802
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2803
+ notifyUser?: boolean | undefined;
2804
+ } | undefined;
2805
+ medium?: {
2806
+ maxScore: number;
2807
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2808
+ notifyUser?: boolean | undefined;
2809
+ } | undefined;
2810
+ high?: {
2811
+ maxScore: number;
2812
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
2813
+ notifyUser?: boolean | undefined;
2814
+ } | undefined;
2815
+ } | undefined;
2816
+ blockedSignIn?: {
2817
+ message?: string | undefined;
2818
+ blockDuration?: number | undefined;
2819
+ errorCode?: string | undefined;
2820
+ } | undefined;
2821
+ maxTravelSpeed?: number | undefined;
2822
+ countryChangeThreshold?: number | undefined;
2823
+ suspiciousActivityWindow?: number | undefined;
2824
+ } | undefined;
2825
+ } | undefined;
2826
+ tablePrefix?: string | undefined;
2827
+ signup?: {
2828
+ verificationMethod?: "email" | "none" | "phone" | "both" | undefined;
2829
+ enabled?: boolean | undefined;
2830
+ allowDuplicatePhones?: boolean | undefined;
2831
+ emailVerification?: {
2832
+ expiresIn?: number | undefined;
2833
+ resendDelay?: number | undefined;
2834
+ rateLimitMax?: number | undefined;
2835
+ rateLimitWindow?: number | undefined;
2836
+ maxAttemptsPerUser?: number | undefined;
2837
+ maxAttemptsPerIP?: number | undefined;
2838
+ attemptWindow?: number | undefined;
2839
+ } | undefined;
2840
+ phoneVerification?: {
2841
+ expiresIn?: number | undefined;
2842
+ maxAttempts?: number | undefined;
2843
+ resendDelay?: number | undefined;
2844
+ rateLimitMax?: number | undefined;
2845
+ rateLimitWindow?: number | undefined;
2846
+ maxAttemptsPerUser?: number | undefined;
2847
+ maxAttemptsPerIP?: number | undefined;
2848
+ attemptWindow?: number | undefined;
2849
+ codeLength?: number | undefined;
2850
+ } | undefined;
2851
+ } | undefined;
2852
+ login?: {
2853
+ identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
2854
+ } | undefined;
2855
+ lockout?: {
2856
+ duration?: number | undefined;
2857
+ maxAttempts?: number | undefined;
2858
+ enabled?: boolean | undefined;
2859
+ resetOnSuccess?: boolean | undefined;
2860
+ } | undefined;
2861
+ security?: {
2862
+ csrf?: {
2863
+ cookieName?: string | undefined;
2864
+ headerName?: string | undefined;
2865
+ tokenLength?: number | undefined;
2866
+ excludedPaths?: string[] | undefined;
2867
+ cookieOptions?: {
2868
+ secure?: boolean | undefined;
2869
+ sameSite?: "none" | "strict" | "lax" | undefined;
2870
+ domain?: string | undefined;
2871
+ path?: string | undefined;
2872
+ } | undefined;
2873
+ } | undefined;
2874
+ } | undefined;
2875
+ hooks?: {
2876
+ onAdaptiveMFATriggered?: any;
2877
+ onSignInBlocked?: any;
2878
+ afterSignup?: any;
2879
+ beforePasswordChange?: any;
2880
+ afterPasswordChange?: any;
2881
+ beforeSignup?: any;
2882
+ beforeLogin?: any;
2883
+ afterLogin?: any;
2884
+ afterLoginFailed?: any;
2885
+ beforeAccountLock?: any;
2886
+ afterAccountLock?: any;
2887
+ } | undefined;
2888
+ auditLogs?: {
2889
+ enabled?: boolean | undefined;
2890
+ fireAndForget?: boolean | undefined;
2891
+ } | undefined;
2892
+ emailProvider?: any;
2893
+ smsProvider?: any;
2894
+ storageAdapter?: any;
2895
+ logger?: any;
2896
+ tokenDelivery?: {
2897
+ method?: "json" | "cookies" | "hybrid" | undefined;
2898
+ cookieOptions?: {
2899
+ secure?: boolean | undefined;
2900
+ sameSite?: "none" | "strict" | "lax" | undefined;
2901
+ domain?: string | undefined;
2902
+ path?: string | undefined;
2903
+ } | undefined;
2904
+ cookieNamePrefix?: string | undefined;
2905
+ hybridPolicy?: {
2906
+ webOrigins?: string[] | undefined;
2907
+ nativeOrigins?: string[] | undefined;
2908
+ } | undefined;
2909
+ } | undefined;
2910
+ challenge?: {
2911
+ maxAttempts?: number | undefined;
2912
+ } | undefined;
2913
+ geoLocation?: {
2914
+ maxMind?: {
2915
+ dbPath?: string | undefined;
2916
+ skipDownloads?: boolean | undefined;
2917
+ licenseKey?: string | undefined;
2918
+ accountId?: number | undefined;
2919
+ autoDownloadOnStartup?: boolean | undefined;
2920
+ editions?: string[] | undefined;
2921
+ } | undefined;
2922
+ } | undefined;
2923
+ }>, {
2924
+ jwt: {
2925
+ accessToken: {
2926
+ expiresIn: string | number;
2927
+ secret?: string | undefined;
2928
+ publicKey?: string | undefined;
2929
+ privateKey?: string | undefined;
2930
+ };
2931
+ refreshToken: {
2932
+ expiresIn: string | number;
2933
+ secret: string;
2934
+ rotation?: boolean | undefined;
2935
+ reuseDetection?: boolean | undefined;
2936
+ };
2937
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
2938
+ issuer?: string | undefined;
2939
+ audience?: string | string[] | undefined;
2940
+ };
2941
+ email?: {
2942
+ appName?: string | undefined;
2943
+ companyName?: string | undefined;
2944
+ brandColor?: string | undefined;
2945
+ logoUrl?: string | undefined;
2946
+ dashboardUrl?: string | undefined;
2947
+ supportEmail?: string | undefined;
2948
+ footerDisclaimer?: string | undefined;
2949
+ templates?: {
2950
+ engine?: any;
2951
+ globalVariables?: Record<string, string | number | boolean> | undefined;
2952
+ customTemplates?: Record<string, {
2953
+ htmlPath?: string | undefined;
2954
+ html?: string | undefined;
2955
+ textPath?: string | undefined;
2956
+ text?: string | undefined;
2957
+ subject?: string | undefined;
2958
+ }> | undefined;
2959
+ } | undefined;
2960
+ } | undefined;
2961
+ phone?: {} | undefined;
2962
+ password?: {
2963
+ minLength?: number | undefined;
2964
+ maxLength?: number | undefined;
2965
+ requireUppercase?: boolean | undefined;
2966
+ requireLowercase?: boolean | undefined;
2967
+ requireNumbers?: boolean | undefined;
2968
+ requireSpecialChars?: boolean | undefined;
2969
+ specialChars?: string | undefined;
2970
+ preventCommon?: boolean | undefined;
2971
+ preventUserInfo?: boolean | undefined;
2972
+ historyCount?: number | undefined;
2973
+ expiryDays?: number | undefined;
2974
+ } | undefined;
2975
+ session?: {
2976
+ maxConcurrent?: number | undefined;
2977
+ disallowMultipleSessions?: boolean | undefined;
2978
+ maxLifetime?: string | number | undefined;
2979
+ } | undefined;
2980
+ social?: {
2981
+ google?: {
2982
+ enabled?: boolean | undefined;
2983
+ clientId?: string | string[] | undefined;
2984
+ clientSecret?: string | undefined;
2985
+ callbackUrl?: string | undefined;
2986
+ scopes?: string[] | undefined;
2987
+ autoLink?: boolean | undefined;
2988
+ allowSignup?: boolean | undefined;
2989
+ } | undefined;
2990
+ apple?: {
2991
+ enabled?: boolean | undefined;
2992
+ clientId?: string | string[] | undefined;
2993
+ clientSecret?: string | undefined;
2994
+ callbackUrl?: string | undefined;
2995
+ scopes?: string[] | undefined;
2996
+ autoLink?: boolean | undefined;
2997
+ allowSignup?: boolean | undefined;
2998
+ } | undefined;
2999
+ facebook?: {
3000
+ enabled?: boolean | undefined;
3001
+ clientId?: string | string[] | undefined;
3002
+ clientSecret?: string | undefined;
3003
+ callbackUrl?: string | undefined;
3004
+ scopes?: string[] | undefined;
3005
+ autoLink?: boolean | undefined;
3006
+ allowSignup?: boolean | undefined;
3007
+ } | undefined;
3008
+ } | undefined;
3009
+ mfa?: {
3010
+ totp?: {
3011
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
3012
+ window?: number | undefined;
3013
+ stepSeconds?: number | undefined;
3014
+ digits?: number | undefined;
3015
+ } | undefined;
3016
+ passkey?: {
3017
+ rpName: string;
3018
+ rpId: string;
3019
+ origin?: string | string[] | undefined;
3020
+ timeout?: number | undefined;
3021
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
3022
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
3023
+ } | undefined;
3024
+ backup?: {
3025
+ enabled?: boolean | undefined;
3026
+ codeLength?: number | undefined;
3027
+ codeCount?: number | undefined;
3028
+ } | undefined;
3029
+ rememberDevices?: "always" | "user_opt_in" | "never" | undefined;
3030
+ enabled?: boolean | undefined;
3031
+ requireForSocialLogin?: boolean | undefined;
3032
+ allowedMethods?: ("totp" | "sms" | "email" | "passkey")[] | undefined;
3033
+ bypassMFAForTrustedDevices?: boolean | undefined;
3034
+ rememberDeviceDays?: number | undefined;
3035
+ issuer?: string | undefined;
3036
+ enforcement?: "OPTIONAL" | "REQUIRED" | "ADAPTIVE" | undefined;
3037
+ gracePeriod?: number | undefined;
3038
+ adaptive?: {
3039
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
3040
+ riskThreshold?: number | undefined;
3041
+ riskWeights?: Record<string, number> | undefined;
3042
+ riskLevels?: {
3043
+ low?: {
3044
+ maxScore: number;
3045
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
3046
+ notifyUser?: boolean | undefined;
3047
+ } | undefined;
3048
+ medium?: {
3049
+ maxScore: number;
3050
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
3051
+ notifyUser?: boolean | undefined;
3052
+ } | undefined;
3053
+ high?: {
3054
+ maxScore: number;
3055
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
3056
+ notifyUser?: boolean | undefined;
3057
+ } | undefined;
3058
+ } | undefined;
3059
+ blockedSignIn?: {
3060
+ message?: string | undefined;
3061
+ blockDuration?: number | undefined;
3062
+ errorCode?: string | undefined;
3063
+ } | undefined;
3064
+ maxTravelSpeed?: number | undefined;
3065
+ countryChangeThreshold?: number | undefined;
3066
+ suspiciousActivityWindow?: number | undefined;
3067
+ } | undefined;
3068
+ } | undefined;
3069
+ tablePrefix?: string | undefined;
3070
+ signup?: {
3071
+ verificationMethod?: "email" | "none" | "phone" | "both" | undefined;
3072
+ enabled?: boolean | undefined;
3073
+ allowDuplicatePhones?: boolean | undefined;
3074
+ emailVerification?: {
3075
+ expiresIn?: number | undefined;
3076
+ resendDelay?: number | undefined;
3077
+ rateLimitMax?: number | undefined;
3078
+ rateLimitWindow?: number | undefined;
3079
+ maxAttemptsPerUser?: number | undefined;
3080
+ maxAttemptsPerIP?: number | undefined;
3081
+ attemptWindow?: number | undefined;
3082
+ } | undefined;
3083
+ phoneVerification?: {
3084
+ expiresIn?: number | undefined;
3085
+ maxAttempts?: number | undefined;
3086
+ resendDelay?: number | undefined;
3087
+ rateLimitMax?: number | undefined;
3088
+ rateLimitWindow?: number | undefined;
3089
+ maxAttemptsPerUser?: number | undefined;
3090
+ maxAttemptsPerIP?: number | undefined;
3091
+ attemptWindow?: number | undefined;
3092
+ codeLength?: number | undefined;
3093
+ } | undefined;
3094
+ } | undefined;
3095
+ login?: {
3096
+ identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
3097
+ } | undefined;
3098
+ lockout?: {
3099
+ duration?: number | undefined;
3100
+ maxAttempts?: number | undefined;
3101
+ enabled?: boolean | undefined;
3102
+ resetOnSuccess?: boolean | undefined;
3103
+ } | undefined;
3104
+ security?: {
3105
+ csrf?: {
3106
+ cookieName?: string | undefined;
3107
+ headerName?: string | undefined;
3108
+ tokenLength?: number | undefined;
3109
+ excludedPaths?: string[] | undefined;
3110
+ cookieOptions?: {
3111
+ secure?: boolean | undefined;
3112
+ sameSite?: "none" | "strict" | "lax" | undefined;
3113
+ domain?: string | undefined;
3114
+ path?: string | undefined;
3115
+ } | undefined;
3116
+ } | undefined;
3117
+ } | undefined;
3118
+ hooks?: {
3119
+ onAdaptiveMFATriggered?: any;
3120
+ onSignInBlocked?: any;
3121
+ afterSignup?: any;
3122
+ beforePasswordChange?: any;
3123
+ afterPasswordChange?: any;
3124
+ beforeSignup?: any;
3125
+ beforeLogin?: any;
3126
+ afterLogin?: any;
3127
+ afterLoginFailed?: any;
3128
+ beforeAccountLock?: any;
3129
+ afterAccountLock?: any;
3130
+ } | undefined;
3131
+ auditLogs?: {
3132
+ enabled?: boolean | undefined;
3133
+ fireAndForget?: boolean | undefined;
3134
+ } | undefined;
3135
+ emailProvider?: any;
3136
+ smsProvider?: any;
3137
+ storageAdapter?: any;
3138
+ logger?: any;
3139
+ tokenDelivery?: {
3140
+ method?: "json" | "cookies" | "hybrid" | undefined;
3141
+ cookieOptions?: {
3142
+ secure?: boolean | undefined;
3143
+ sameSite?: "none" | "strict" | "lax" | undefined;
3144
+ domain?: string | undefined;
3145
+ path?: string | undefined;
3146
+ } | undefined;
3147
+ cookieNamePrefix?: string | undefined;
3148
+ hybridPolicy?: {
3149
+ webOrigins?: string[] | undefined;
3150
+ nativeOrigins?: string[] | undefined;
3151
+ } | undefined;
3152
+ } | undefined;
3153
+ challenge?: {
3154
+ maxAttempts?: number | undefined;
3155
+ } | undefined;
3156
+ geoLocation?: {
3157
+ maxMind?: {
3158
+ dbPath?: string | undefined;
3159
+ skipDownloads?: boolean | undefined;
3160
+ licenseKey?: string | undefined;
3161
+ accountId?: number | undefined;
3162
+ autoDownloadOnStartup?: boolean | undefined;
3163
+ editions?: string[] | undefined;
3164
+ } | undefined;
3165
+ } | undefined;
3166
+ }, {
3167
+ jwt: {
3168
+ accessToken: {
3169
+ expiresIn: string | number;
3170
+ secret?: string | undefined;
3171
+ publicKey?: string | undefined;
3172
+ privateKey?: string | undefined;
3173
+ };
3174
+ refreshToken: {
3175
+ expiresIn: string | number;
3176
+ secret: string;
3177
+ rotation?: boolean | undefined;
3178
+ reuseDetection?: boolean | undefined;
3179
+ };
3180
+ algorithm?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | undefined;
3181
+ issuer?: string | undefined;
3182
+ audience?: string | string[] | undefined;
3183
+ };
3184
+ email?: {
3185
+ appName?: string | undefined;
3186
+ companyName?: string | undefined;
3187
+ brandColor?: string | undefined;
3188
+ logoUrl?: string | undefined;
3189
+ dashboardUrl?: string | undefined;
3190
+ supportEmail?: string | undefined;
3191
+ footerDisclaimer?: string | undefined;
3192
+ templates?: {
3193
+ engine?: any;
3194
+ globalVariables?: Record<string, string | number | boolean> | undefined;
3195
+ customTemplates?: Record<string, {
3196
+ htmlPath?: string | undefined;
3197
+ html?: string | undefined;
3198
+ textPath?: string | undefined;
3199
+ text?: string | undefined;
3200
+ subject?: string | undefined;
3201
+ }> | undefined;
3202
+ } | undefined;
3203
+ } | undefined;
3204
+ phone?: {} | undefined;
3205
+ password?: {
3206
+ minLength?: number | undefined;
3207
+ maxLength?: number | undefined;
3208
+ requireUppercase?: boolean | undefined;
3209
+ requireLowercase?: boolean | undefined;
3210
+ requireNumbers?: boolean | undefined;
3211
+ requireSpecialChars?: boolean | undefined;
3212
+ specialChars?: string | undefined;
3213
+ preventCommon?: boolean | undefined;
3214
+ preventUserInfo?: boolean | undefined;
3215
+ historyCount?: number | undefined;
3216
+ expiryDays?: number | undefined;
3217
+ } | undefined;
3218
+ session?: {
3219
+ maxConcurrent?: number | undefined;
3220
+ disallowMultipleSessions?: boolean | undefined;
3221
+ maxLifetime?: string | number | undefined;
3222
+ } | undefined;
3223
+ social?: {
3224
+ google?: {
3225
+ enabled?: boolean | undefined;
3226
+ clientId?: string | string[] | undefined;
3227
+ clientSecret?: string | undefined;
3228
+ callbackUrl?: string | undefined;
3229
+ scopes?: string[] | undefined;
3230
+ autoLink?: boolean | undefined;
3231
+ allowSignup?: boolean | undefined;
3232
+ } | undefined;
3233
+ apple?: {
3234
+ enabled?: boolean | undefined;
3235
+ clientId?: string | string[] | undefined;
3236
+ clientSecret?: string | undefined;
3237
+ callbackUrl?: string | undefined;
3238
+ scopes?: string[] | undefined;
3239
+ autoLink?: boolean | undefined;
3240
+ allowSignup?: boolean | undefined;
3241
+ } | undefined;
3242
+ facebook?: {
3243
+ enabled?: boolean | undefined;
3244
+ clientId?: string | string[] | undefined;
3245
+ clientSecret?: string | undefined;
3246
+ callbackUrl?: string | undefined;
3247
+ scopes?: string[] | undefined;
3248
+ autoLink?: boolean | undefined;
3249
+ allowSignup?: boolean | undefined;
3250
+ } | undefined;
3251
+ } | undefined;
3252
+ mfa?: {
3253
+ totp?: {
3254
+ algorithm?: "sha1" | "sha256" | "sha512" | undefined;
3255
+ window?: number | undefined;
3256
+ stepSeconds?: number | undefined;
3257
+ digits?: number | undefined;
3258
+ } | undefined;
3259
+ passkey?: {
3260
+ rpName: string;
3261
+ rpId: string;
3262
+ origin?: string | string[] | undefined;
3263
+ timeout?: number | undefined;
3264
+ userVerification?: "required" | "preferred" | "discouraged" | undefined;
3265
+ authenticatorAttachment?: "platform" | "cross-platform" | undefined;
3266
+ } | undefined;
3267
+ backup?: {
3268
+ enabled?: boolean | undefined;
3269
+ codeLength?: number | undefined;
3270
+ codeCount?: number | undefined;
3271
+ } | undefined;
3272
+ rememberDevices?: "always" | "user_opt_in" | "never" | undefined;
3273
+ enabled?: boolean | undefined;
3274
+ requireForSocialLogin?: boolean | undefined;
3275
+ allowedMethods?: ("totp" | "sms" | "email" | "passkey")[] | undefined;
3276
+ bypassMFAForTrustedDevices?: boolean | undefined;
3277
+ rememberDeviceDays?: number | undefined;
3278
+ issuer?: string | undefined;
3279
+ enforcement?: "OPTIONAL" | "REQUIRED" | "ADAPTIVE" | undefined;
3280
+ gracePeriod?: number | undefined;
3281
+ adaptive?: {
3282
+ triggers?: ("new_device" | "new_ip" | "new_country" | "impossible_travel" | "suspicious_activity")[] | undefined;
3283
+ riskThreshold?: number | undefined;
3284
+ riskWeights?: Record<string, number> | undefined;
3285
+ riskLevels?: {
3286
+ low?: {
3287
+ maxScore: number;
3288
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
3289
+ notifyUser?: boolean | undefined;
3290
+ } | undefined;
3291
+ medium?: {
3292
+ maxScore: number;
3293
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
3294
+ notifyUser?: boolean | undefined;
3295
+ } | undefined;
3296
+ high?: {
3297
+ maxScore: number;
3298
+ action?: "allow" | "require_mfa" | "block_signin" | undefined;
3299
+ notifyUser?: boolean | undefined;
3300
+ } | undefined;
3301
+ } | undefined;
3302
+ blockedSignIn?: {
3303
+ message?: string | undefined;
3304
+ blockDuration?: number | undefined;
3305
+ errorCode?: string | undefined;
3306
+ } | undefined;
3307
+ maxTravelSpeed?: number | undefined;
3308
+ countryChangeThreshold?: number | undefined;
3309
+ suspiciousActivityWindow?: number | undefined;
3310
+ } | undefined;
3311
+ } | undefined;
3312
+ tablePrefix?: string | undefined;
3313
+ signup?: {
3314
+ verificationMethod?: "email" | "none" | "phone" | "both" | undefined;
3315
+ enabled?: boolean | undefined;
3316
+ allowDuplicatePhones?: boolean | undefined;
3317
+ emailVerification?: {
3318
+ expiresIn?: number | undefined;
3319
+ resendDelay?: number | undefined;
3320
+ rateLimitMax?: number | undefined;
3321
+ rateLimitWindow?: number | undefined;
3322
+ maxAttemptsPerUser?: number | undefined;
3323
+ maxAttemptsPerIP?: number | undefined;
3324
+ attemptWindow?: number | undefined;
3325
+ } | undefined;
3326
+ phoneVerification?: {
3327
+ expiresIn?: number | undefined;
3328
+ maxAttempts?: number | undefined;
3329
+ resendDelay?: number | undefined;
3330
+ rateLimitMax?: number | undefined;
3331
+ rateLimitWindow?: number | undefined;
3332
+ maxAttemptsPerUser?: number | undefined;
3333
+ maxAttemptsPerIP?: number | undefined;
3334
+ attemptWindow?: number | undefined;
3335
+ codeLength?: number | undefined;
3336
+ } | undefined;
3337
+ } | undefined;
3338
+ login?: {
3339
+ identifierType?: "email" | "phone" | "username" | "email_or_username" | undefined;
3340
+ } | undefined;
3341
+ lockout?: {
3342
+ duration?: number | undefined;
3343
+ maxAttempts?: number | undefined;
3344
+ enabled?: boolean | undefined;
3345
+ resetOnSuccess?: boolean | undefined;
3346
+ } | undefined;
3347
+ security?: {
3348
+ csrf?: {
3349
+ cookieName?: string | undefined;
3350
+ headerName?: string | undefined;
3351
+ tokenLength?: number | undefined;
3352
+ excludedPaths?: string[] | undefined;
3353
+ cookieOptions?: {
3354
+ secure?: boolean | undefined;
3355
+ sameSite?: "none" | "strict" | "lax" | undefined;
3356
+ domain?: string | undefined;
3357
+ path?: string | undefined;
3358
+ } | undefined;
3359
+ } | undefined;
3360
+ } | undefined;
3361
+ hooks?: {
3362
+ onAdaptiveMFATriggered?: any;
3363
+ onSignInBlocked?: any;
3364
+ afterSignup?: any;
3365
+ beforePasswordChange?: any;
3366
+ afterPasswordChange?: any;
3367
+ beforeSignup?: any;
3368
+ beforeLogin?: any;
3369
+ afterLogin?: any;
3370
+ afterLoginFailed?: any;
3371
+ beforeAccountLock?: any;
3372
+ afterAccountLock?: any;
3373
+ } | undefined;
3374
+ auditLogs?: {
3375
+ enabled?: boolean | undefined;
3376
+ fireAndForget?: boolean | undefined;
3377
+ } | undefined;
3378
+ emailProvider?: any;
3379
+ smsProvider?: any;
3380
+ storageAdapter?: any;
3381
+ logger?: any;
3382
+ tokenDelivery?: {
3383
+ method?: "json" | "cookies" | "hybrid" | undefined;
3384
+ cookieOptions?: {
3385
+ secure?: boolean | undefined;
3386
+ sameSite?: "none" | "strict" | "lax" | undefined;
3387
+ domain?: string | undefined;
3388
+ path?: string | undefined;
3389
+ } | undefined;
3390
+ cookieNamePrefix?: string | undefined;
3391
+ hybridPolicy?: {
3392
+ webOrigins?: string[] | undefined;
3393
+ nativeOrigins?: string[] | undefined;
3394
+ } | undefined;
3395
+ } | undefined;
3396
+ challenge?: {
3397
+ maxAttempts?: number | undefined;
3398
+ } | undefined;
3399
+ geoLocation?: {
3400
+ maxMind?: {
3401
+ dbPath?: string | undefined;
3402
+ skipDownloads?: boolean | undefined;
3403
+ licenseKey?: string | undefined;
3404
+ accountId?: number | undefined;
3405
+ autoDownloadOnStartup?: boolean | undefined;
3406
+ editions?: string[] | undefined;
3407
+ } | undefined;
3408
+ } | undefined;
3409
+ }>;
3410
+ export type NAuthConfig = z.infer<typeof authConfigSchema>;
3411
+ //# sourceMappingURL=auth-config.schema.d.ts.map